Friday, May 22 2020

Sarahah secretly steals your contact list and personal details

The Sarahah application has hit the Google and Apple online stores, and sources estimate that 18 million people have downloaded it. The viral application ranks as the 3rd most downloaded free app on iPhone and iPad.

Sarahah motivates its users to “get honest feedback from your coworkers and friends”. The application is totally anonymized, so the sender of any message cannot be traced by the receiver.

However, the application was not developed just for the social craze; it does more than deliver anonymous feedback.

The application stores the user's contacts and email the first time the user launches it on their phone.

The Intercept's report says the privacy breach was found by Zachary Julian, a senior security analyst at Bishop Fox. He installed the app on his Samsung Galaxy S5, which was running Android 5.1.1 Lollipop. Notably, Zachary had Burp Suite pre-installed on the phone, which monitors traffic coming in and going out of the handset.

After observing how Sarahah works, he found that the app started uploading his data, including phone numbers and email, to Sarahah servers.
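The observation above can be automated when auditing an app's traffic. The following Python script is an added example, not code from the original article or from Bishop Fox: it assumes canary contacts were seeded into the test phone's address book and that the intercepted requests were exported as HAR-style JSON. The sample capture, host names and contact values are constructed.

```python
import json
import re
from urllib.parse import unquote_plus

# Constructed canary contacts, assumed to be seeded into the test phone's address book.
CANARIES = ["+1 (555) 010-0199", "canary.alice@example.test"]

# Constructed HAR-style capture; the host and endpoints are placeholders.
SAMPLE_HAR = json.dumps({"log": {"entries": [
    {"request": {"method": "GET", "url": "https://app.example.test/api/profile"}},
    {"request": {"method": "POST", "url": "https://app.example.test/api/contacts",
                 "postData": {"text": "name=Alice&phone=%2B15550100199"
                                      "&email=canary.alice%40example.test"}}},
    {"request": {"method": "POST", "url": "https://app.example.test/api/message",
                 "postData": {"text": '{"text": "hello"}'}}},
]}})
PHONE_TOKEN = re.compile(r"\+?\d[\d ().-]{5,}\d")

def digits(value):
    """Strip formatting so '+1 (555) 010-0199' and '15550100199' compare equal."""
    return re.sub(r"\D", "", value)

def canary_hits(text, canaries):
    """Return the canaries present in text after URL-decoding and normalisation."""
    decoded = unquote_plus(text).lower()
    phones = [digits(tok) for tok in PHONE_TOKEN.findall(decoded)]
    hits = []
    for canary in canaries:
        if "@" in canary:
            found = canary.lower() in decoded
        else:
            # Heuristic: compare the last 10 digits to tolerate a missing country code.
            found = any(p.endswith(digits(canary)[-10:]) for p in phones)
        if found:
            hits.append(canary)
    return hits

def find_contact_uploads(har_text, canaries):
    """List (method, url, hits) for every captured request that carries a canary."""
    findings = []
    for entry in json.loads(har_text)["log"]["entries"]:
        req = entry["request"]
        body = (req.get("postData") or {}).get("text", "")
        hits = canary_hits(req["url"] + "\n" + body, canaries)
        if hits:
            findings.append((req["method"], req["url"], hits))
    return findings

print(find_contact_uploads(SAMPLE_HAR, CANARIES))
```

Using contacts that exist nowhere else means any hit identifies the address book as the source of the uploaded data.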

In response to The Intercept's report, Zain al-Abidin Tawfiq, the founder of Sarahah, tweeted that the app asks for contacts for a “find your friends” feature and that the next version will remove this contact uploading feature.

Sarahah’s privacy policy explicitly states that it will ask for permission if the application plans to use your personal data. However, it does not mention uploading user data to its servers.

From Android 6.0 Marshmallow onwards, Android has offered micro-managed permission options that ask users whether to allow a third-party app to read data from the smartphone, among other things. Alongside this, iOS devices let users know with a prompt saying that ‘the app needs to access your contacts to show you who has an account in Sarahah’.

Despite all this, most everyday applications are still secretly storing user information on their servers for hidden reasons.


About Kamran Mohsin

Kamran Mohsin is a Certified Ethical Hacker, currently working as a Penetration Tester at a private company in Pakistan. He is also pursuing a Master's in Information Security. He has worked in web development (front end and back end) in recent years. Over time he took an interest in hacking and started writing blogs on IS in late 2015.
