
Sarahah App steals your address book, uploads it to server

Sarahah, the third-most-downloaded free app, covertly crawls users’ phone contacts with emails and phone numbers and stores them on its servers, although its purpose is to allow anonymous feedback exchange between users, reports The Intercept.

Released only a few weeks ago, Sarahah already has 18 million downloads and has become popular in the US, UK, Australia and Ireland. In some cases, Sarahah asks for permission to access data, as most apps do, but it doesn’t inform users that it collects that data for storage, nor does it state the purposes. For now, the app has no feature that would require access to a user’s address book.

“The privacy policy specifically states that if it plans to use your data, it’ll ask for your consent, while the app’s entry in Google’s Play Store does indicate the app will access contacts, that’s not enough consent to justify sending all of those contacts over without any kind of specific notification,” said Zachary Julian, the researcher who detected the issue.

Sarahah creator Zain al-Abidin Tawfiq replied on Twitter that the app does indeed ask for contacts “for a planned ‘find your friends’ feature” and that “the Sarahah database doesn’t currently hold a single contact.” No evidence has been brought to support this claim.

Sarahah can still be used by denying it access to the contacts list and limiting its permissions, or users can use it via the website, without downloading it to their phone.

About the author

Luana PASCU

From a young age, Luana knew she wanted to become a writer. After having addressed topics such as NFC, startups, and tech innovation, she has now shifted focus to internet security, with a keen interest in smart homes and IoT threats. Luana is a supporter of women in tech and has a passion for entrepreneurship, technology, and startup culture.
