Beware! Sarahah Breaches Anonymity, Uploads Private Contact Information

Sarahah lets its users comment on others anonymously: it doesn't reveal the commenter's name, and the app doesn't allow users to reply to a comment.

Because Sarahah is one of the most downloaded apps, Julian estimates that it may already have harvested hundreds of millions of phone numbers and email addresses. What is troublesome is that the app is collecting something it doesn't even need. Interestingly, Sarahah appears to be doing the same on iOS as well. After Intercept pointed out the behaviour, he stated "the data request will be removed on next update" and that Sarahah's servers now don't host contacts. Rest assured though (we hope) - the app's privacy policy notes that it "will never sell the data you provide to any third party" without users' prior and written consent, unless it is part of bulk data that is used only for research and does not identify the user. He stated that the feature was obstructed by "technical issues" and that a partner, who he has stopped working with, was supposed to remove it from the server but "missed that".

But Julian thinks that Sarahah uploading contacts is disconcerting, especially given the popularity of the app, and especially since most users don't expect it to occur.

After the security flaw was uncovered, Sarahah's creator, Zain al-Abidin Tawfiq, tweeted that the contact-storing behaviour will be removed from the app in future updates and was put in place for a "find your friends feature". However, when tested on iPhone, the app prompts a request to access the contacts. Reports from the website point at the fact that Sarahah is silently uploading the contact data of its users to its servers.

"As soon as you log into the application, it transmits all of your email and phone contacts stored on the Android operating system", he said, later confirming the same happens on iOS. He claims that the database doesn't "host contacts" at the moment. On both iOS and Android, there is no mention of data being uploaded to a server. That's a pretty clear case of an app that can, and probably does, compromise your Contacts and the anonymity of everyone you know. Sarahah argues that this allows people from work to give constructive advice in an anonymous way, so that users get to know their areas of strength as well as the areas that need improvement. The privacy policy page states specifically that if it plans to use your data, it will ask for consent. Even if consent is declined, users can continue to use the app.

For those who have installed Sarahah but no longer wish to share their data, head over to settings apps and select the app. And that site doesn't ask for or access contacts from any of your digital address books.

  • Delia Davidson