There’s a popular new so-called “honesty app” that allows you to send messages to your friends anonymously.
Sarahah, which means ‘honesty’ in Arabic, quickly skyrocketed to the top of Apple’s App Store in dozens of countries and stayed there since it hit the market in June.
With over four million downloads and more than 15 million active users every month, the website
described the app as one that helps you “discover your strengths and areas for improvement by receiving honest feedback from your employees and your friends in a private manner”.
The moment you download the app and create an account, you’ll start receiving messages in a feed that allows you to favourite, block or delete any message.
And of course, you have no way of knowing who the sender is or how to reply them.
Sounds innocent, right?
Turns out that Sarahah may not be as private or “honest” as it makes out to be.
When you first launch the app, it apparently saves all the contacts in your phone and uploads them to the company’s servers.
That sounds so dodgy!
This was discovered by a security analyst named Zachary Julian when he installed the app on his Android phone.
“As soon as you log into the application, it transmits all of your email and phone contacts stored on the Android operating system,” he told The Intercept
Prior to this, Sarahah does ask for permission to access your contacts in some instances and you can still continue to use the app even if you don’t grant access to it.
But it doesn’t necessarily disclose that it would save that information nor explain the function of this feature because there’s basically no friend list within the app.
Although there is a search feature, you can’t look for people with their phone numbers or find friends who are already using the app.
The Founder of Sarahah, Zain al-Abidin Tawfiq responded
to this soon after, saying that this is for a "planned ‘find your friends’ feature" which was "delayed due to a technical issue".
He also explained that the server doesn’t exactly hold your contacts and this data request will be removed in the app’s next update.
We’re not saying that it’s entirely bad for an app to request access to your contact list, but make sure you’re fully aware of what they’re doing with it!
Anybody wanna send us nice