Beware! Sarahah Breaches Anonymity, Uploads Private Contact Information

Sarahah, an anonymous feedback app that has recently exploded in popularity across the globe, is now coming under fire for privacy violations.

Sarahah is created to collect "honest feedback" from friends and employees. But what is troublesome is the app is collecting something it doesn't even need. When launched for the first time, the app uploads your contact list, including phone numbers and email addresses. Sarahah did not respond to requests for comment.

In it, writer Yael Grauer reveals the app's uploading of users' phone contacts to the company's servers. The phone comes equipped with monitoring software known as BURP Suite, which intercepts internet traffic entering and leaving the device. Julian determined that the app was uploading private data back to their server.

Julian added that the app does this all over again if you use it after a break. He did some testing on the app on a Friday night, and when he booted the app on a Sunday morning, it pushed all of his contacts again.

Considering the fact that Sarahah is built upon the anonymity principle, the use of downloading a user's phonebook data does not have a plausible reason.

Sarahah uploading address book data from The Intercept on Vimeo. "It's not just, 'Oh, this company can see my information and I'm okay with that.' You now have to think about the security of that company". "Additionally, there is no silver bullet to solving this". It also does not seem to make any functional use of the information. In the privacy policy page, it has been stated specifically that if it plans to use your data, it will ask for consent. However, according to a study by The Intercept, the application is updating the entire phone book data from the user's smartphone. Sarahah privacy concerns are now on the rise as the app has been reported to be stealing contact data. For now, it's not clear how the data is being used. Julian was using Samsung Galaxy S5 with Android 5.1.1.

As of August, the app has more than 62 million users, and it is among the most downloaded apps on the Apple App Store. He discovered this fact when he downloaded the Sarahah app on this mobile.

Newer Android operating systems, starting with Android 6.0 ("Marshmallow") do allow for more granular permissions for apps, allowing users to modify controls so that apps do not gain access to contacts or other information.

For those who have installed Sarahah but no longer wish to share their data, head over to settings apps and select the app. Guess what, this app is not as harmless as it appears to be. On both iOS and Android, there is no mention of data being uploaded to a server. Even Zain al-Abidin has acknowledged this. The typical option to search for your contacts is also missing. App's feature to send and receive anonymous messages is what caught the users' eye. The site does not ask for permissions to access contacts from any of your address books.

  • Latoya Cobb