Published On: Mon, Aug 28th, 2017

Viral “Honesty App” Sarahah Discovered Stealing User Data

Sarahah is designed to collect “honest feedback” from friends and employees. But Zachary Julian, a senior security researcher at Bishop Fox, discovered that the app has been collecting more than that.

The new viral app that allows people to receive anonymous messages has already gained a lot of attention due to cyberbullying. However, its 18+ million users are in for another surprise. The No. 3 most downloaded free app in the App Store has apparently been secretly uploading your whole contact list. When using his Samsung Galaxy S5 running Android 5.1.1 Lollipop, Julian saw the app uploading his private data to a remote server. When launched for the first time, the app uploads your contact list, including phone numbers and email addresses.

“As soon as you log into the application, it transmits all of your email and phone contacts stored on the Android operating system.”

Julian added that the app does this all over again if you use it after a break. For example, he tested the app on Friday night and when he booted it up again on Sunday morning, it uploaded all his contacts once again. The security researcher confirmed that the app is doing the same on both Android and iOS devices.

However, on the latest Android versions and iPhones, it shows a prompt asking to “access contacts,” though without any explanation of why it’s doing so.

Sarahah developer says the app’s doing so for a future feature

The app’s creator, Zain Al-Abidin Tawfiq, has said that the contact lists are being uploaded “for a planned ‘find your friends’ feature,” which has been “delayed due to a technical issue.” He claims that the database doesn’t “host contacts” at the moment. Even if that’s the case, Sarahah users might not be happy with this feature, considering it could take the whole fun of anonymity away, with users being able to guess based on who in their contact list uses the app.

However, Julian doesn’t seem impressed (video test). “The privacy policy specifically states that if it plans to use your data, it’ll ask for your consent,” he told The Intercept. “Sarahah has between 10 and 50 million installs on just the Play Store alone for Android, so if you extrapolate that number, it could easily get into hundreds of millions of phone numbers and email addresses that they’ve harvested.”

If you are a Sarahah user, you can check the permissions on iOS from Settings > Sarahah. On Android, if you are running Android 6.0 Marshmallow or later, you can go to Settings > Personal > Apps > App Permission to stop the app from sending your contacts to the server.

Tawfiq has assured that “the data request will be removed on next update” sent to Sarahah.
