Sarahah might not be all that it seems.
The anonymous messaging app, billed as a platform for honest feedback, has reportedly also been saving all the contacts in your phone. According to The Intercept, when users download the app for the first time, “it immediately harvests and uploads all phone numbers and email addresses in your address book.” In some cases, Sarahah does ask for permission to access your contacts, but it does not disclose that it will be saving the data to its own servers.
Read: What You Need to Know About Sarahah, the Hot New Anonymous Messaging App
Sarahah’s founder, Zain al-Abidin Tawfiq, tweeted in response to The Intercept’s article, saying that the contacts were being uploaded for a planned “find your friends” feature. The feature was then delayed due to “technical issues” and was accidentally not removed from the current version of the app. He added that “the data request will be removed on next update.”
Zachary Julian, a senior security analyst at Bishop Fox, was the first to report the behavior to The Intercept. When he downloaded Sarahah to his Android phone, a monitoring software installed on the device alerted him to the fact that the app was uploading his private data. Julian reportedly found that the same occurs on iPhone, and that the app will also re-download all of your contacts if you haven’t accessed it on your phone in some time.
For more on Saraha, watch Fortune’s video:
One of the most downloaded apps, Julian estimates that it is possible that Sarahah may have already harvested hundreds of millions of phone numbers and email addresses. Rest assured though (we hope) — the app’s privacy policy notes that it will “will never sell the data you provide to any third party” without users’ prior and written consent unless part of bulk data used only for research and does not identify the user.
