Sarahah app caught uploading your contacts silently to its server


At this point, you're either having fun with or getting annoyed by the number of Sarahah posts on your Facebook wall. For those who have been living under a rock, Sarahah is a messaging app that lets anyone message people anonymously. It's a simple concept, but it seems that the developer might also be getting the contacts from your phone without your consent.

Zachary Julian, a senior security analyst at Bishop Fox, noticed that the app was uploading his private information to Sarahah's server when he tested it with Burp Suite, a monitoring tool that intercepts internet traffic entering and leaving the device. He said: "As soon as you log into the application, it transmits all of your email and phone contacts stored on the Android operating system". Apple's iOS is not safe from this either.

Obviously, nobody would like their private information to be used without their knowledge. Sarahah's creator, Zain al-Abidin Tawfiq, tweeted that the next update will remove this blooper. According to him, it was originally meant to be a "find your friends" feature that ran into technical issues, and his former partner, who worked on it, somehow "missed" removing it. Zain also claimed that the Sarahah server has not stored any contacts in its database. We sure hope he stays true to his word.

To be fair, uploading contacts and other information to a server is common, especially with free apps, but not without your permission. It's still a bit scary to imagine what the developer can do with the information. However, those who use the web browser version won't face the same problem, so feel free to use that if you aren't ready to let go of the app yet.

Would you ignore or wait for the update? I think I'd wait for the update just to be safe. Stay tuned for more tech news at TechNave.com.