Sarahah hits and Apple online stores, sources discovered that 18 million people are estimated to have downloaded the application. Since the viral application ranks 3rd most free downloaded app title on iphone and ipad.

motivates its users to “get honest feedback from your coworkers and friends”. Since the application is totally anonymized, while sender couldn’t be traced for any kind of sent message to the receiver.

Merely, the application is not just developed for social craze despite it does more than giving an anonymous feedback.

The application stores user contacts and email when the user first time launches the application on his .

The Intercepts discovers that the privacy breach was found by Zachary Julian who is a senior security analyst at Bishop Fox. He installed the app on his Samsung Galaxy S5 which was running 5.1.1 Lollipop. The interesting information about him is that Zachary had BURP Suite pre-installed on the phone which monitors traffic coming in and going out of the handset.

After observing the working of Sarahah, he found that the app started uploading his data that included phone numbers and email to Sarahah servers.

In the response to Intercept’s report, Zain al-Abidin Tawfiq, the founder of Sarahah tweeted that the app asks for contacts as a result for “find your friends” feature and soon in the next version they will remove this particular uploading feature.

- sarahah 300x178 - Sarahah secretly steals your contact list and personal details

Sarahah’s privacy policy explicitly states that it will ask for permission if the application plans to use your data. But they didn’t mention uploading user data to their servers.

Android 6.0 Marshmallow onwards, Android has introduced a micro-managed permissions options that ask users to allow a third-party app to read data from the smartphone among other things. With this, iOS devices help users to let them know by saying that ‘the app needs to access your contacts to show you who has an account in Sarahah’.

With all this, still most of the daily based used applications are storing user information to their servers for hidden reasons.

Read some other cyber news.

Source link
Based Blockchain Network


Please enter your comment!
Please enter your name here