
Beware! Viral Sarahah App Secretly Steals Your Entire Contact List


Are you one of the 18 million users of Sarahah?

You should beware of this app because the anonymous feedback application may not be as private as it really sounds. Sarahah is a newly launched app that has become one of the hottest iPhone and Android apps in the past month, allowing its users to sign up to receive anonymised, candid messages from other Sarahah users.

However, security analyst Zachary Julian spotted that the app silently uploads users' phone contacts to the company's servers for no good reason.

When an Android or iOS user downloads and installs the app for the first time, the app immediately harvests and uploads all phone numbers and email addresses from the user's address book, according to The Intercept.

While it is quite common for an app to request access to the user's phonebook when it provides a feature that works with contacts, Sarahah currently offers no such functionality.

"The privacy policy specifically states that if it plans to use your data, it'll ask for your consent, while the app's entry in Google's Play Store does indicate the app will access contacts, that's not enough consent to justify sending all of those contacts over without any kind of specific notification."

However, the creator of Sarahah, Zain al-Abidin Tawfiq, responded to the story by saying his app actually harvests and uploads the contacts from users to the company's servers for a feature that will be implemented at a later time.


Tawfiq said that users' contact lists are being uploaded "for a planned 'find your friends' feature," which was "delayed due to a technical issue," and that the upload was accidentally not removed from Sarahah's current version.

Tawfiq also assured users that "the data request will be removed on next update" to the app and that Sarahah's servers do not "currently host contacts," which is, of course, impossible to verify.

Sarahah took the Internet by storm within a few weeks, becoming the third most downloaded free application for iPhones and iPads. The app has already been downloaded by an estimated 18 million users from Apple's and Google's online stores.

However, you can still use Sarahah without your contacts being uploaded to its servers by blocking the app from accessing them.

Newer Android versions (starting with Android 6.0 Marshmallow) allow users to limit permissions for individual apps, so you can stop an app from gaining access to contacts or other information that has nothing to do with the app's functioning.

To do so, go to Settings → Personal → Apps, then under Configuration App open App permission and limit the permissions of the apps you like.
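The same permission review can be done from a workstation over adb. The following is an added example, not code from the original article: it parses a constructed sample shaped like `adb shell dumpsys package` output on Android 6.0+, lists packages that currently hold both the contacts and network permissions, and builds the `pm revoke` command for each. The package names are hypothetical placeholders.

```python
import re

# Constructed sample modelled on `adb shell dumpsys package` output on
# Android 6.0+ (assumption: real output has many more fields per package).
SAMPLE_DUMPSYS = """\
Package [com.example.feedback] (1a2b3c):
  install permissions:
    android.permission.INTERNET: granted=true
  User 0: installed=true hidden=false
    runtime permissions:
      android.permission.READ_CONTACTS: granted=true
Package [com.example.chat] (4d5e6f):
  install permissions:
    android.permission.INTERNET: granted=true
  User 0: installed=true hidden=false
    runtime permissions:
      android.permission.READ_CONTACTS: granted=false
Package [com.example.torch] (7a8b9c):
  install permissions:
    android.permission.INTERNET: granted=true
"""

PKG_RE = re.compile(r"^\s*Package \[([^\]]+)\]")
GRANT_RE = re.compile(r"^\s*(android\.permission\.\w+): granted=(true|false)")
CONTACTS = "android.permission.READ_CONTACTS"
INTERNET = "android.permission.INTERNET"

def granted_permissions(dumpsys_text):
    """Return {package: set of permissions currently granted}."""
    grants, current = {}, None
    for line in dumpsys_text.splitlines():
        pkg = PKG_RE.match(line)
        if pkg:
            current = pkg.group(1)
            grants.setdefault(current, set())
            continue
        perm = GRANT_RE.match(line)
        if perm and current and perm.group(2) == "true":
            grants[current].add(perm.group(1))
    return grants

def can_upload_contacts(dumpsys_text):
    """Packages able to read the address book and reach the network."""
    grants = granted_permissions(dumpsys_text)
    return sorted(p for p, g in grants.items() if {CONTACTS, INTERNET} <= g)

def revoke_commands(packages):
    """adb commands that withdraw the contacts permission from each package."""
    return [f"adb shell pm revoke {p} {CONTACTS}" for p in packages]
```

An app whose contacts permission was already switched off in Settings shows `granted=false` and is not reported.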
