Anyone on social media will be familiar with Sarahah. The anonymous messaging app allows people to leave all sorts of messages for their friends without being found out, and has become the third most downloaded app on Google Play. However, it would appear that the developer has been harvesting contacts from phones.
Researchers monitoring the Sarahah’s app traffic noted that it is copying contacts from installed devices and transmitting them to a server. It is unknown what the developer is doing with the information, since monitoring equipment can only detect what’s happening on the device side of things.
Uploading contacts to a server is not necessarily something new, and it’s something that a lot of free to use apps tend to do. The price to pay for using a free service, as it is.
However, in this case, the Sarahah promises to be an anonymous messaging service. Uploading contacts could potentially jeopardise the nature of the service. Something that was seen with the now defunct Secret app; which offered the same sort of thing that Sarahah does.
Sarahah App asked for contacts for a planned “find your friends” feature
— ZainAlabdin Tawfiq (@ZainAlabdin878) August 27, 2017
Saudi developer Zain al-Abidin Tawfiq tweeted that the collection of contacts from his app was due to a dropped “find your friends” feature. He promised that it would be removed with a future update, and that none of the collected information is being stored on his servers. Which is true as far as anyone can tell.
That said, it would appear that the web based version of Sarahah doesn’t attempt the same behaviour as the app. Those who have avoided installing anything on their phones should be perfectly fine. Although, this should be taken as a lesson in installing popular apps without taking precautions.
[Source: The Intercept]