The app that allows users to secretly tell other users how they truly feel about them is being just as sneaky. The app could be collecting your data, while you share your secrets anonymously.
Sarahah, a new app that allows you to anonymously tell other users how you feel about them, has recently taken the internet by storm, and it is being a little more anonymous than those who are using it. Once the app is launched on the user’s phone, it reportedly collects the user’s complete contact list and any data saved, all without informing the user that any data collection is going on.
Bishop Fox reported that Zachary Julian, a security researcher who picked up on this issue before anyone else, states the app has been obtaining data from whichever smartphone you use, Apple or Android. The founder of the app, Zain al-Abidin Tawfiq, quickly took to Twitter in defense of his company, saying that Sarahah’s data collection was only meant to support a feature for locating your friends, which has yet to be added, and citing delays related to technical issues.
It was delayed due to a technical issue. The database doesn't currently host contacts and the data request will be removed on next update.
— ZainAlabdin Tawfiq (@ZainAlabdin878) August 27, 2017
The Intercept was informed by Julian that one of the app’s partner creators “missed” removing this data-obtaining feature from the app, and that Sarahah reports that any collected data was not stored and that the servers are now free of the feature. At this time, though, no one has been able to establish the validity of Tawfiq’s claims.
Sudo Security Group President Will Strafach has expressed that, if the data is not handled safely, malicious parties could breach the servers and gain access to all the contact information or data stored. Strafach also expressed that unfortunately there is no magic fix for this. His team has put in place a program for iOS apps that hunts down this behavior of collecting user data and calls it out. This proved useless, though, since almost every app out there was doing it, and from there it is difficult to determine how safely the servers can handle that data, which is a rather significant part.
18 million users have downloaded Sarahah from their Apple or Google store. On iPhones and iPads, the app was recently reported to rank third among free apps by downloads. With this growing popularity, Julian believes that some major privacy concerns will come up with the data collection, because while the app at least asks permission before accessing the user’s data, it leaves out the key factor of what it will collect.
Julian expressed concerns in a blog post that, when a user logs in, Sarahah attempts to send any phone or email contacts. iOS and Android 6+ operating systems prompt users before access to the phone’s contacts is allowed. Older phones running Android 5 or earlier, which still hold market share, prompt only once, during installation. Too many users just go through the motions and permit access without fully knowing how their data is being used.
Earlier this year, Sarahah’s popularity exploded in the UK, US, Asian, and many more Western countries. This rapid rise also brings concern about the app being abused, especially for cyberbullying.