If you gave in to your curiosity and gave the viral ‘honesty app’ Sarahah a try, then this particular news piece might concern you. According to latest revelations made about the app, which allows users to send or receive anonymous messages, the app might be sneakily uploading its user’s phone contacts on to the company’s servers.
A report in The Intercept on Sunday revealed that Zachary Julian, a senior security analyst from IT security consulting firm Bishop Fox was the first one to discover that the app was uploading users private information, using a monitoring software BURP Suite.
The report quotes Julian saying, "As soon as you log into the application, it transmits all of your email and phone contacts stored on the Android operating system."
Anyone who has accessed the app might remember a step when the user's were asked for their permission to access contacts. Considering the nature of the app, many of us might have given permission even without giving it a second thought but the thing is that the step was never needed as there is no such feature in the app where these contacts would be required or even a search feature where users can look up for a friend using a contact number.
https://twitter.com/itsAlbatli/status/901954970223771649
However, Sarahah’s founder Zain al-Abidin Tawfiq has denied all the claims made by Zachary Julian. According to him, the contact lists were being uploaded “for a planned ‘find your friends’ feature” that was not yet released.
He also tweeted and assured Sarahah users that the data request will be removed from the app's next update and that the app was absolutely safe to use.
A report in The Intercept on Sunday revealed that Zachary Julian, a senior security analyst from IT security consulting firm Bishop Fox was the first one to discover that the app was uploading users private information, using a monitoring software BURP Suite.
The report quotes Julian saying, "As soon as you log into the application, it transmits all of your email and phone contacts stored on the Android operating system."
Anyone who has accessed the app might remember a step when the user's were asked for their permission to access contacts. Considering the nature of the app, many of us might have given permission even without giving it a second thought but the thing is that the step was never needed as there is no such feature in the app where these contacts would be required or even a search feature where users can look up for a friend using a contact number.
https://twitter.com/itsAlbatli/status/901954970223771649
However, Sarahah’s founder Zain al-Abidin Tawfiq has denied all the claims made by Zachary Julian. According to him, the contact lists were being uploaded “for a planned ‘find your friends’ feature” that was not yet released.
He also tweeted and assured Sarahah users that the data request will be removed from the app's next update and that the app was absolutely safe to use.
Advertisements