investorschatroom.com

Sci-tech

Sarahah app uploading users' contacts to company's servers

Share
Sarahah

The anonymous feedback app, Sarahah, which has been going viral for the past few weeks, may not be as private as it may sound.

Sarahah founder, Zain al-Abidin Tawfiq, tweeted that the contact lists are being uploaded "for a planned "find your friends" feature" which was "delayed because of a technical issue". Also the researcher has shown, if the app is not used for sometime, it again re-uploads the contact, so clearly this is a feature that was known by the developer.

The platform gave people the opportunity to send anonymous messages to each other directly on the server.

Donald Trump reveals who will pay for THE WALL
Maybe the plan here is to crash the US economy so badly that Mexico builds its own wall to keep fleeing Americans out. At his Phoenix rally, he threatened to prompt a government shutdown unless Congress agreed to fund the wall.

Forecast: Mild weather expected into the weekend in the Omaha area
MONDAY: Partly to mostly cloudy skies develop for Monday, with scattered rain showers and thunderstorms possible. There is a chance of showers and thunderstorms Friday night through Sunday , the weather service said.

AIADMK factions merge, Panneerselvam sworn in as Dy CM, made Party Coordinator
AIADMK laws now do not permit the removal of a general secretary by a resolution passed by a committee or group of office bearers. Meanwhile, Chief Minister K Palaniswami has left for Tiruvarur in Thanjavur district to take part in the MGR centenary function.

It's very much possible the app isn't doing anything with the data it collects but the information does needlessly get sent to the company's servers when it really have to be. Rest assured though (we hope) - the app's privacy policy notes that it will "will never sell the data you provide to any third party" without users' prior and written consent unless part of bulk data used only for research and does not identify the user. When launched for the first time, it immediately harvests and uploads all phone numbers and email addresses in your address book. On iOS, the app says "the app needs to access your contacts to show you who has an account in Sarahah", and allows the user to choose between "Okay" and "Don't allow". When Julian tried rebooted the app after a gap on two days, all his contacts were pushed to the Sarahah servers again. "The database doesn't now host contacts and the data request will be removed on next update", he continues. However, the Sarahah app doesn't have any such feature at this moment. However this does not translate to justifying the uploading of contacts without user permission. Julian, a senior security analyst at Bishop Fox, installed the Sarahah app on a Galaxy S5 running Android 5.1.1. As of today, the app has over 62 million users.

The problem is that privacy policy specifically states that if it plans to use your data, Sarahah will ask for permission. But all but the most expensive Android phones are notoriously slow to receive updates like Marshmallow, and around 54 percent of Android users are using older versions that don't have these permissions, and users have to be savvy enough to know where to find the app permissions (Settings Apps Gear button App permissions). On both iOS and Android, there is no mention of data being uploaded to a server. The site does not ask for permissions to access contacts from any of your address books. Even if declined, users can continue to use the app.

Share