It has come to light that the Sarahah application has been uploading all the contacts of the users to its servers.
In the past few weeks, the Sarahah app has created a buzz in the media thanks to the fact that all posts on the application are anonymous and that you can post on the app without having to ever log in. If you don’t know what we are talking about and want to know about the Sarahah app, then click here. The popularity of the application has stood on the claim that the app is being honest with all of its users and is guaranteeing them complete anonymity. However, it has come to light that the application has been uploading all the contacts of the users to its servers.
This abnormality was spotted by Zachary Julian who is a security analyst. It has been said that the contact details are being saved for a feature that has not released yet. Julian came across this weird behaviour when he was using monitoring software which is called BURP Suite. This software intercepts all the traffic that is entering and leaving the device and hence it allows the users to see what data has been sent to servers that are remote.
“As soon as you log into the application, it transmits all of your email and phone contacts stored on the Android operating system,” is what Zachary Julian has told publications. He also said that the app shares the contacts of the phone to a server if a person does not use the app for some time.
The founder of the app, ZainAlabdin Tawfiq, has gone on Twitter to say that the contacts are being uploaded to the server for a feature called ‘find your friend’. He also said that this feature has got ‘delayed due to a technical issue’. Adding to his statements, Tawfiq said that the “database doesn’t currently host contacts and the data request will be removed on next update”.
The app does ask the user for permission to access the contacts on both iOS and Android. If the user denies the app the permission, they can still continue to use the app without any glitch. The thing that has been bothering users is that the contacts are being uploaded to the server for a feature that is going to take a while to launch, if at all. Meanwhile, serious discussions are still taking place about if the app is harmless or if it is promoting cyber bullying amongst its users.