Sarahah Has Been Downloading All the Data In Your Address Book


Sarahah lets its users comment on others anonymously but it doesn't reveal the name and neither does the app allow users to reply to a comment. But what is troublesome is the app is collecting something it doesn't even need. Interestingly, the app was doing the same for the devices running on iOS. After Intercept pointed out the behaviour, he stated "the data request will be removed on next update" and that Sarahah's servers now don't host contacts.

With privacy concerns on the rise, such information is certainly causing a negative effect for the app. The app stands accused of uploading emails and phone numbers from user address books to its servers.

When this news was reported by The Intercept, Zain al-Abidin Tawfiq responded by tweeting that the contact lists were being uploaded "for a planned "find your friends" feature". Julian reportedly found that the same occurs on iPhone, and that the app will also re-download all of your contacts if you haven't accessed it on your phone in some time. However, you can still refuse to give the permission and yet continue to use the app. Things get murky especially since the app doesn't offer any feature that would require access to your contacts. Apparently, the app is uploading users' phone numbers and email addresses in the address book to the company's servers, which was spotted by Zachary Julian, a senior security analyst at Bishop Fox when he installed the app on his Android smartphone, a Galaxy S5 running Android 5.1.1. According to him, the app transmits all of your email and phone contacts stored on the Android operating system. If Sarahah did ever begin showing which of your contacts are on its network, as advertised, this would lead to a new problem-it would make it far easier to deduce who is sending messages.

On a related note, it is very common for Android apps to secretly team up and steal your data. Even if that's the case, Sarahah users might not be happy with this feature considering it could take the entire fun of anonymity out of the way with users being able to guess based on who uses the app in their contact list. "The privacy policy specifically states that if it plans to use your data, it'll ask for your consent", he told the Intercept. With millions of users actively using the app, it soared high.

For those who have installed Sarahah but no longer wish to share their data, head over to settings apps and select the app. The site does not ask for permissions to access contacts from any of your address books.