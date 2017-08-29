Moneycontrol News

The widely popular honesty app Sarahah is not being honest with its users. The mobile app has been uploading its users' contact list on the company’s servers despite, as seen in the app, there is no such feature that the app offers which requires contact details.

Zachary Julian, a senior security analyst at Bishop Fox spotted Sarahah app uploading his phone’s contacts as soon as he installed it. He used BURP Suit to catch this behaviour. The suit intercepts internet traffic entering and leaving the device thereby allowing the owner to see what data is sent to remote servers.

“As soon as you log into the application, it transmits all of your email and phone contacts stored on the Android operating system,” Julian told The Intercept. Julian was using Samsung Galaxy S5 with Android 5.1.1. However, when tested on iPhone, the app prompts a request to access the contacts.

Sarahah creator Zain Alabdin Tawfiq earlier tweeted that the app asks "for contacts for a planned 'find your friends' feature". He further said that the feature got “delayed due to a technical issue.”



Sarahah App asked for contacts for a planned "find your friends" feature

— ZainAlabdin Tawfiq (@ZainAlabdin878) August 27, 2017



It was delayed due to a technical issue. The database doesn't currently host contacts and the data request will be removed on next update.

— ZainAlabdin Tawfiq (@ZainAlabdin878) August 27, 2017

“The database doesn't currently host contacts and the data request will be removed on next update,” he added.

However, this is not uncommon for free apps like Sarahah to access user’s phone contacts. But what is troublesome is the app is collecting something it doesn’t even need.

As of August, the app has more than 62 million users, and it is among the most downloaded apps on the Apple App Store.