Sarahah: Sarahah is an anonymous messaging service which has spread globally like a wildfire. It has gained a position in three most used app in a short period. It is very famous among the teenagers from past weeks. A person has to registers in Sarahah and can send or post the link publically or to friends. Anonymous people can use that link to send messages. The recipient couldn’t identify the sender at any cost. The Recipient has no control to send messages to that anonymous person.
The question arises that is Sarahah safe for the teens or your device. From last two weeks, a report is viral about the security feature of Sarahah. According to the report, the app is not safe for the users. The app uploads the user’s phone contacts and emails to the company’s servers for no purpose. The vulnerability was discovered by a security analyst Zachary Julian. The Intercept was the first to post the report of Sarahah feature’s vulnerability.
The app was launched by Zain al-Abidin Tawfiq. He said that the app obtains contact lists for a feature which is not working now for some technical reasons. The feature is known as ‘find your friends’ and will soon arrive on the user’s devices. After the post of The Intercept, he tweeted that the technical issue will get solved with the next update. He further added that the app’s server doesn’t manage users contact for now.
If you have downloaded Sarahah on your device, then you must be knowing that it asks permission to access your contacts list at the time of installing. If you clicked on ‘no’ then also you can start using the app without any trouble. As you know, friends list feature is not included in this app so you cannot search your friends by phone number. The permission of accessing the contact list is of no use for now. You cannot even know your friends who are using this app.
Zachary Julian observed the function of the app by using a monitoring software. He concluded that the app was transferring and accepting all email and the contact list of his Android device. He observed the same problem with the iOS devices as well. Generally, the server obtains contact lists for some purpose, but this app takes data without any reason.
Previously, we have seen that Unroll.me application was transferring contact list data to their server and they were selling those data to Uber. Most of the users complained that this activity of Sarahah is without their permission. Although, the company claimed that this action will be discontinued in the upcoming update.