Sarahah, the third-most-downloaded free app, covertly crawls users’ phone contacts with emails and phone numbers and stores them on its servers, although its purpose is to allow anonymous feedback exchange between users, reports The Intercept.
Released only a few weeks ago, Sarahah already has 18 million downloads and has become popular in the US, UK, Australia and Ireland. In some cases, Sarahah asks for permission, as most apps do, to access data, but it doesn’t inform users that it collects it for storage, nor does it state the purposes. For now, the app has no feature that would require access to a user’s address book.
Sarahah creator Zain al-Abidin Tawfiq replied on Twitter that the app does indeed ask for contacts “for a planned ‘find your friends’ feature” and that “the Sarahah database doesn’t currently hold a single contact.” No evidence has been brought to support this claim.
Sarahah can still be used by denying it access for the contacts list and limiting permissions, or users can use it via website, without downloading it to their phone.