A viral “honesty” app, Sarahah, have been making waves on social media lately. It is basically a platform where one can receive or send anonymous messages.
Beware though, it was recently revealed that the free app secretly upload the user’s mobile contacts on to the company’s servers without consent. Although in some cases, Sarahah does request permission to access contacts, it does not disclose that it uploads such data. Sneaky, sneaky!
This alarming behaviour was discovered by Zachary Julian, a senior security analyst at Bishop Fox. “As soon as you log into the application, it transmits all of your email and phone contacts stored on the Android operating system,” he was quoted as saying, adding that the same case also happens to Apple’s iOS.
After receiving flak for stealing user’s private data, the creator of Sarahah, Zain al-Abidin Tawfiq, explained that the feature was intended for a “find your friends” feature, which hasn’t been made available on the app. The Saudi Arabian developer has also promised to halt collection of user data during the next update.
If you have downloaded the Sarahah app, you can double check to see if you’ve given permission for the app to access your data by:
- (iOS device): Go to Settings > Sarahah and check your settings there
- (Android): Go to Settings > Apps > Sarahah > App Permission to set the permissions according to your needs
For those thinking of deleting Sarahah, you are required to delete it on the website itself since that option is not available on the app.
Since launching earlier this year, Sarahah has accumulated more than 62 million users as of August 2017.