The Sarahah app is all over the place. It's a common sight on all major social media platforms such as Snapchat, Twitter, Facebook and Instagram. It's currently the most talked-about app in the entire world.
So what exactly is Sarahah? It is an app that lets people leave feedback anonymously. As a matter of fact, the name Sarahah is an Arabic word that means honesty. According to its developer, Zain Tawfiq of Saudi Arabia, the app is meant to help users identify their strengths and weaknesses. Messages are sent anonymously, so the user cannot reply to the person who sent the message or even know who it is.
The app is available for iOS and Android in both Arabic and English. According to the app’s description, the honest feedback you get will allow you to discover your areas of improvement and also your strengths.
Well, if you think that this is too good to be true, you're not mistaken. It's been discovered that Sarahah is uploading users' contacts onto the company's servers. This includes all contacts in a user's phonebook and email address. The thing is, users are not aware of this intrusion of their privacy. As a matter of fact, Bishop Fox senior security analyst Zachary Julian discovered this by chance when he installed the app on his Android smartphone.
After the news was made public, Zain Tawfiq responded that they were collecting contact lists to prepare for an upcoming feature. He also said that they don't store the contacts in their databases and that the data request functionality will be removed in future Sarahah releases.
Burp Suite is what we need to thank for this alarming discovery. It is a traffic analyser that intercepts all Internet traffic going into and out of a device. This allows users to see the kind of data being sent to remote servers. Julian has Burp Suite installed on his phone. When he launched Sarahah, Burp Suite immediately noted that the app was uploading his private data to an unknown server. It is not clear what Sarahah uses the contact list for. There is no mention on either Android or iOS that data is being uploaded to a server.
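The kind of check described above can be automated when auditing an app on your own test device. The following is an added example, not code from the original article or from Bishop Fox: it searches requests exported from an intercepting proxy for "canary" contacts planted in the address book, and goes beyond the text by also checking URL-encoded and base64-encoded bodies. The canary values, hosts, paths and request layout are all constructed assumptions.

```python
import base64
import json
import re
from urllib.parse import unquote_plus

# Constructed canary contacts seeded into the test phone's address book (assumption).
CANARIES = {"+15550100042": "canary phone", "canary.7f3a@example.test": "canary email"}

# Constructed sample of proxy-captured requests; hosts and paths are placeholders.
CAPTURED = [
    {"host": "api.example.test", "path": "/login", "body": "user=alice&pw=redacted"},
    {"host": "api.example.test", "path": "/sync", "body": json.dumps(
        {"contacts": [{"name": "Canary", "phone": "+1 (555) 010-0042",
                       "email": "canary.7f3a@example.test"}]})},
    {"host": "cdn.example.test", "path": "/upload",
     "body": "blob=" + base64.b64encode(b"canary.7f3a@example.test").decode()},
]

def views(body):
    """Yield the body as sent, plus decoded forms an app might use."""
    yield body
    yield unquote_plus(body)
    for token in re.findall(r"[A-Za-z0-9+/]{16,}={0,2}", body):
        try:
            yield base64.b64decode(token, validate=True).decode("utf-8", "ignore")
        except ValueError:  # not valid base64 (binascii.Error is a ValueError)
            pass

def find_leaks(requests, canaries=CANARIES):
    """Return (endpoint, [labels]) for each request that carries a canary."""
    hits = []
    for req in requests:
        found = set()
        for view in views(req["body"]):
            # Drop phone punctuation so "+1 (555) 010-0042" matches its digits.
            squeezed = re.sub(r"[\s().+-]", "", view)
            for value, label in canaries.items():
                is_phone = value.startswith("+")
                needle = re.sub(r"\D", "", value) if is_phone else value.lower()
                haystack = squeezed if is_phone else view.lower()
                if needle in haystack:
                    found.add(label)
        if found:
            hits.append((req["host"] + req["path"], sorted(found)))
    return hits

if __name__ == "__main__":
    for endpoint, labels in find_leaks(CAPTURED):
        print(f"{endpoint}: {', '.join(labels)}")
```

Using unique canary values rather than real contacts means a match is unambiguous and no real person's data ends up in the audit logs.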
If you’re concerned about privacy but still want to use the app, don’t worry. You can still access all Sarahah services from their website. You are allowed to receive and send messages without having to download the app. The website doesn’t require or ask for access to your digital address book so you’re safe.