Did you download Sarahah?

Did you download Sarahah? Well they might have all your contacts.

Sarahah means honesty in Arabic, well they may not being so honest with you. When you installed the app it could silently upload all your contact info on to the company’s servers for no apparent reason. This was spotted first by security analyst Zachary Julian in late August 2017. On android it initially didn’t prompt to do this or ask for permission it just did it when you logged on. Now on newer android OS’s it does ask for permission to access contacts . On iOS devices it always had a prompt to access contacts.

When The Intercept reached out to the apps creator, Zain al-Abidin Tawfiq, he didn’t respond after they first posted their story on it he responded via Twitter saying that the functionality would be removed and it was originally a part of a find your friends feature. He also stated that the feature was stymied by “technical issues” and that a partner he no longer works with was supposed to remove it but must have “missed that”. He also claims that the server no longer has that functionality but there is no way to verify that.

We will see over the coming days if Mr Tawfiq is true to his word and removes the functionality from the app or if it remains.

 

Sources:

  1. https://theintercept.com/2017/08/27/hit-app-sarahah-quietly-uploads-your-address-book/