Are you using the Sarahah app? Are you one of its millions of users? Then beware: the application is not as private as it sounds.
We earlier posted about how Sarahah is vulnerable to cross-site scripting (XSS), with the exploit details here. Now Sarahah is in the news again for silently uploading the user's contact list to the company's server, as found by security researcher Zachary Julian.
Sarahah is a newly launched anonymous feedback platform that has become the hottest platform among iPhone and Android apps in a couple of weeks.
More than 19 million users worldwide now use the Sarahah apps. Users sign up to receive anonymous feedback from other Sarahah users, who do not reveal their identity.
What Is The Hack?
According to The Intercept, when an Android or iOS user downloads the app for the first time, the app silently harvests the phone numbers and email addresses from the user's address book, although it does not disclose that it uploads this data to the company's servers.
According to Zachary Julian, a senior security analyst at Bishop Fox, “As soon as you log into the application, it transmits all of your email and phone contacts stored on the Android operating system.”
After the article was published, the app's creator, Zain al-Abidin Tawfiq, tweeted that the contact functionality is intended for a “find your friends” feature and will be removed in later updates.
However, you can still use Sarahah while denying the app permission to access your contacts. Newer Android versions (starting with Android 6.0 Marshmallow) let users take control of app permissions, so that apps do not gain access to contacts or any other pieces of information.
To do so, go to Settings → Application Manager, choose the app whose permissions you want to limit from the list, then click on the App permission tab and limit the permission.
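The same check can be made for every installed app at once from a computer. The following added example (not part of the original article) goes beyond the single-app steps above: it parses `adb shell dumpsys package` output and builds the `pm revoke` commands for apps that still hold contacts access. The sample output is constructed and simplified, and the package names are placeholders.

```python
import re

# Constructed, simplified sample in the layout of `adb shell dumpsys package`
# output on Android 6.0+; the package names are placeholders, not real apps.
SAMPLE_DUMPSYS = """\
Package [com.example.feedback] (1a2b3c):
  requested permissions:
    android.permission.INTERNET
    android.permission.READ_CONTACTS
  install permissions:
    android.permission.INTERNET: granted=true
  User 0: installed=true hidden=false
    runtime permissions:
      android.permission.READ_CONTACTS: granted=true, flags=[ USER_SET ]
Package [com.example.notes] (4d5e6f):
  requested permissions:
    android.permission.READ_CONTACTS
  User 0: installed=true hidden=false
    runtime permissions:
      android.permission.READ_CONTACTS: granted=false, flags=[ USER_SET ]
Package [com.example.clock] (778899):
  requested permissions:
    android.permission.VIBRATE
"""

PACKAGE_RE = re.compile(r"^\s*Package \[([^\]]+)\]")
GRANT_RE = re.compile(r"^\s*([\w.]+): granted=(true|false)")
CONTACTS = "android.permission.READ_CONTACTS"

def contact_access(dumpsys_text):
    """Map package name -> whether READ_CONTACTS is currently granted."""
    result, current = {}, None
    for line in dumpsys_text.splitlines():
        pkg = PACKAGE_RE.match(line)
        if pkg:
            current = pkg.group(1)
            continue
        grant = GRANT_RE.match(line)
        if grant and current and grant.group(1) == CONTACTS:
            # Multi-user devices list one grant line per user; any grant counts.
            result[current] = result.get(current, False) or grant.group(2) == "true"
    return result

def revoke_commands(dumpsys_text):
    """Build one `pm revoke` command per package that still has contacts access."""
    return [f"adb shell pm revoke {pkg} {CONTACTS}"
            for pkg, granted in sorted(contact_access(dumpsys_text).items()) if granted]

if __name__ == "__main__":
    print("\n".join(revoke_commands(SAMPLE_DUMPSYS)))
```

Apps that never requested the permission, or that only list it under requested permissions without a grant line, do not appear in the result.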