Sarahah might not be all that it seems.
The anonymous messaging app, billed as a platform for honest feedback, has reportedly also been saving all the contacts in your phone. According to The Intercept, when users download the app for the first time, “it immediately harvests and uploads all phone numbers and email addresses in your address book.” In some cases, Sarahah does ask for permission to access your contacts, but it does not disclose that it will be saving the data to its own servers.
Sarahah’s founder, Zain al-Abidin Tawfiq, tweeted in response to The Intercept’s article, saying that the contacts were being uploaded for a planned “find your friends” feature. The feature was then delayed due to “technical issues” and was accidentally not removed from the current version of the app. He added that “the data request will be removed on next update.”
Zachary Julian, a senior security analyst at Bishop Fox, was the first to report the behavior to The Intercept. When he downloaded Sarahah to his Android phone, a monitoring software installed on the device alerted him to the fact that the app was uploading his private data. Julian reportedly found that the same occurs on iPhone, and that the app will also re-download all of your contacts if you haven’t accessed it on your phone in some time.
For more on Saraha, watch Fortune’s video: