The literal meaning of Sarahah is ‘honesty’, and the famous app is all about being honest with people while staying anonymous, but it turns out that the app itself hasn’t been honest with its users after all. As spotted by security analyst Zachary Julian, the application uploads users’ phone contacts to the company’s servers, The Intercept reported.
After The Intercept pointed out the behavior, the app’s founder, Zain al-Abidin Tawfiq, said that contact lists are being uploaded “for a planned ‘find your friends’ feature” that was “delayed due to a technical issue.” He also tweeted “the data request will be removed on next update” and that Sarahah’s servers don’t “currently host contacts.”
Sarahah does clearly show interest in phone contacts: when a user installs the app on either iOS or Android, it asks for permission to access phone contacts, but nowhere does it mention uploading them to its servers.
Zachary Julian discovered the behavior by monitoring what data Sarahah was sending and receiving from his Android phone. The app was uploading “all of email and phone contacts” to its server, and the same was occurring on iOS as well.
Sarahah’s founder responded to the issue by saying that the company isn’t doing anything with the data it collects. Uploading contact lists is also not all that uncommon a behavior for such apps. But either way, that information is being needlessly collected when nothing is really being done with it.