Sarahah application hits Google and Apple online stores, sources discovered that 18 million people are estimated to have downloaded the application. Since the viral application ranks 3rd most free downloaded app title on iphone and ipad.
Sarahah motivates its users to “get honest feedback from your coworkers and friends”. Since the application is totally anonymized, while sender couldn’t be traced for any kind of sent message to the receiver.
Merely, the application is not just developed for social craze despite it does more than giving an anonymous feedback.
The application stores user contacts and email when the user first time launches the application on his phone.
The Intercepts report discovers that the privacy breach was found by Zachary Julian who is a senior security analyst at Bishop Fox. He installed the app on his Samsung Galaxy S5 which was running Android 5.1.1 Lollipop. The interesting information about him is that Zachary had BURP Suite pre-installed on the phone which monitors traffic coming in and going out of the handset.
After observing the working of Sarahah, he found that the app started uploading his data that included phone numbers and email to Sarahah servers.
In the response to Intercept’s report, Zain al-Abidin Tawfiq, the founder of Sarahah tweeted that the app asks for contacts as a result for “find your friends” feature and soon in the next version they will remove this particular contact uploading feature.
Android 6.0 Marshmallow onwards, Android has introduced a micro-managed permissions options that ask users to allow a third-party app to read data from the smartphone among other things. With this, iOS devices help users to let them know by saying that ‘the app needs to access your contacts to show you who has an account in Sarahah’.
With all this, still most of the daily based used applications are secretly storing user information to their servers for hidden reasons.
Read some other cyber news.