14 DAY TRIAL // Sarahah is an application that has become a hit in a matter of months, and while many Android and iOS users rushed to install it, many of them didn’t have a clue that their phone contacts are being silently uploaded to the company’s servers.
The discovery was made by security analyst Zachary Julian and reported by The Intercept, which wrote that the same behavior happens on both Android and iOS once users provide the app with access to the contact list.
While an app requesting access to the phonebook is not unusual if the app in question does provide a feature that works with contacts, not the same thing can be said about Sarahah. No such functionality is available right now, but the developer says it’s exactly this reason why the company actually uploads the phone contacts to the company’s servers.
Update to remove phone contact collection feature
Zain al-Abidin Tawfiq, the app’s founder, explained that his app harvests the contacts for a feature that will be implemented at a later time, most likely in the form of a friend list that would allow users to look up people by phone number.
Sarahah is an application that allows users to manually submit feedback about other users in an anonymous way. A search feature does exist to search for someone who you believe might be using the app, but on the other hand, no social integration is available and nor is contact list support.
The app developer promises that the contact collection feature would be removed with the next app update coming soon, pointing out that the data that was already uploaded to his servers is not being stored and contacts aren’t stored.
What’s important to know for the time being is that you can block the app from accessing your phone contacts and still use it, without risking your contacts to be uploaded to the company’s servers.