If you have been scrolling through social media the past few days, you would have realised that your friends have been posting weird screenshots of messages against a teal background and asking who has been sending them. These messages range from cute to downright weird, as the cover of anonymity makes a person bolder since they can say whatever they want. Sort of like those keyboard warriors lurking all over the internet, eh!
Sarahah is defined as a messaging app that allows other people to leave you feedback anonymously. It was originally meant to collect “honest, constructive feedback” but it soon evolved into people making funny jokes, heartwarming compliments, weird comments and sometimes even confessions of love. FYI, the love confession doesn’t work well if they don’t know who you are though!
The app, created by Zain al-Abidin Tawfiq, a Saudi Arabian, has already become a global hit despite users not having any way to reply to the commenters at all. However, while the app is completely free to use, it seems that users who download it are indirectly paying in another way: by giving Sarahah access to their contacts.
This was first reported by The Intercept, which said that Zachary Julian, a senior security analyst at Bishop Fox, discovered that the app uploads the user's entire digital address book to its servers. Using monitoring software, Julian managed to catch Sarahah uploading all the details and said, “As soon as you log into the application, it transmits all of your email and phone contacts stored on the Android operating system.” The same happens on iOS.
When the news first broke, Sarahah’s founder did not comment, but he later tweeted that the app did indeed have this behaviour, which was intended for a “planned ‘find your friends’ feature”. He also told The Intercept that “the feature was stymied by ‘technical issues’ and that a partner, whom he has since stopped working with, was supposed to remove it from the app but ‘missed that’.”
He has since claimed that they do not store any of this information on their servers. While there have been instances where the app asks for permission to access your contacts, it is unclear what the purpose is, as the app does not need to access your address book at all. Luckily, you can still use the app even if you deny access to contacts!
According to Threatpost, Tawfiq has since vowed to remove this feature in the app’s next update. It is still unclear exactly when the next scheduled update will be, though they did mention sometime in early September. Don’t fret if you really want to use this app, because there is a website version that doesn’t require any access to contacts at all.
So, remember to check your privacy settings when you download a new app!