Saturday , October 21 2017
Home / Cyber News / Sarahah secretly steals your contact list and personal details
Sarahah secretly steals contact list personal details
Sarahah secretly steals contact list personal details

Sarahah secretly steals your contact list and personal details

Sarahah application hits Google and Apple online stores, sources discovered that 18 million people are estimated to have downloaded the application. Since the viral application ranks 3rd most free downloaded app title on iphone and ipad.

Sarahah motivates its users to “get honest feedback from your coworkers and friends”. Since the application is totally anonymized, while sender couldn’t be traced for any kind of sent message to the receiver.

Merely, the application is not just developed for social craze despite it does more than giving an anonymous feedback.

The application stores user contacts and email when the user first time launches the application on his phone.

The Intercepts report discovers that the privacy breach was found by Zachary Julian who is a senior security analyst at Bishop Fox. He installed the app on his Samsung Galaxy S5 which was running Android 5.1.1 Lollipop. The interesting information about him is that Zachary had BURP Suite pre-installed on the phone which monitors traffic coming in and going out of the handset.

After observing the working of Sarahah, he found that the app started uploading his data that included phone numbers and email to Sarahah servers.

In the response to Intercept’s report, Zain al-Abidin Tawfiq, the founder of Sarahah tweeted that the app asks for contacts as a result for “find your friends” feature and soon in the next version they will remove this particular contact uploading feature.

Sarahah’s privacy policy explicitly states that it will ask for permission if the application plans to use your personal data. But they didn’t mention uploading user data to their servers.

Android 6.0 Marshmallow onwards, Android has introduced a micro-managed permissions options that ask users to allow a third-party app to read data from the smartphone among other things. With this, iOS devices help users to let them know by saying that ‘the app needs to access your contacts to show you who has an account in Sarahah’.

With all this, still most of the daily based used applications are secretly storing user information to their servers for hidden reasons.

Read some other cyber news.

About Kamran Mohsin

Kamran Mohsin
I'm a software engineer by profession, a passionate and experienced web designer, developer and blogger. I use to work with programming languages on daily basis and works to get something new into my knowledge prior to what I had before. I write blogs about information security, WordPress, various ways to make money and more.

Check Also

Blue Whale

Reality Behind The “Blue Whale”, The Suicide Game

Reality Behind The “Blue Whale”, The Suicide Game. For the past few days there has …

Leave a Reply

Your email address will not be published. Required fields are marked *