The application that is causing Sarahah fever silently steals user contacts

Sarahah is a new app but has quickly become one of the hottest apps on iPhone and Android in the past few weeks. When you join the application, you will receive an anonymous message from other Sarahah users.

But security analyst Zachary Julian discovered that the application silently downloads user contacts to the company's server.

According to The Intercept, when users first download and install the app, Sarahah will immediately retrieve and download all phone numbers and email addresses from their phones.

If the application has a contact-related feature, it is normal to access user contacts. But now Sarahah has no features related.

Sarahah collects and downloads all user contacts to the server

'The privacy policy says that if any user data is intended, the application will ask for access. Although the description on Google Play Store also says that the application will access the contacts, but that does not mean it is sent without notice. '

Zain al-Abidin Tawfiq, the owner of Sarahah, said that his application does indeed get and download user contacts on the company's server, but to serve a future feature called 'find friends. . This feature is currently delayed by a technical error but has not been removed from the current version of the application.

Tawfiq also ensured that 'requesting data will be dropped during the next update' and Sarahah's server does not store contacts, although this is unverifiable.

Sarahah caused storms in a few weeks, making it the 3rd most downloaded free app for iPhone and iPad. It has been downloaded by about 18 million users from Apple and Google stores.

You can still use Sarahah by blocking access to contacts. From the new Android OS (6.0 Marshmallow) Android allows restricting access to applications. You can change the settings at Settings > Personal > Apps. Under the Configuration App section , open the App Permission and limit the permissions of the application you choose.