Zachary Julian, a senior security analyst at IT security consulting firm Bishop Fox, was the first to discover Sarahah uploading private information, using the monitoring software Burp Suite.
The so-called ‘honesty app’ Sarahah, which has gone viral in the last few weeks, may not be as privacy-protected as you think. The app, in which you can send or receive anonymous messages, is not as anonymous as it appears: it has been found uploading the user’s phone contacts to the company’s server.
According to a report in The Intercept, Julian said: “As soon as you log into the application, it transmits all of your email and phone contacts stored on the Android operating system.” While the app asks its users for permission to access contacts, Julian claims that no feature in the app requires these contacts, not even a search feature that would let users look up a friend by contact number.
Responding to this red flag, the app’s founder, Saudi Arabian developer Zain al-Abidin Tawfiq, took to Twitter to clarify. “Sarahah App asked for contacts for a planned ‘find your friends’ feature,” he tweeted. However, people are still apprehensive about using the app freely.