As soon as a new app makes its way to social media fanatics, it becomes a hit. The candid, anonymized messaging app surged in popularity after 18 million users created profiles on it, having downloaded it from the Google Play Store and Apple’s App Store. Apple users made Sarahah the third most downloaded free app within a few days.
While the app lets friends and acquaintances share their feelings about a user anonymously, the “leave a constructive message” app does a lot more than you might think.
According to a number of security analysts, Sarahah harvests all the email addresses and phone numbers from the address book and uploads them. When you log in to the application for the first time, it asks for permission to access your phone book. However, it does not disclose why it needs to take this data from your personal address book.
What makes this especially suspicious is that the app has no apparent use for the phone numbers and email addresses on your handset, as everything sent through it is anonymous.
According to Bishop Fox senior security analyst Zachary Julian, the app started uploading his private information as soon as it was launched. He used Burp Suite, a monitoring software, to keep an eye on the internet traffic that exits and enters the device. As soon as the Sarahah app was launched, his software showed the traffic leaving his device.
Zain al-Abidin, the creator of the app, stated that the function of taking contacts will be removed in the future. He mentioned that this feature was added for the “find your friends’ element”.
Additionally, he told The Intercept that the feature was due to a “technical issue” and will be removed. It was supposed to have been removed by a partner who no longer works on the app. The creator stated that they “missed out” on removing the feature from the app. To support his stance, he stated that the feature is no longer present on the server and that the app does not store any personal information in the database.
However, none of this has been verified to date.
Security analysts have stated that the Saudi app needs to explain why it is extracting users’ personal data.