Jump to content

Recommended Posts

Posted

In a recent report by The Intercept, Sarahah app that’s become everyone’s favourite in the past few weeks and is aimed at giving a user constructive criticism by his/her peers was caught red-handed when a user discovered it collecting private information. Zachary Julian who is a senior security analyst at Bishop Fox installed the app on his Samsung Galaxy S5 which was running Android 5.1.1 Lollipop. What’s special about this smartphone is that Zachary had BURP Suite pre-installed on the phone which monitors traffic coming in and going out of the handset.

That is when he fired up Sarahah and found out that the app started uploading his data that included phone numbers and email to its servers. On iOS though, a pop-up message appears as he starts the app, which asks his permission to access the contacts. After The Intercept’s story, Zain al-Abidin Tawfiq, the brainchild behind Sarahah revealed in a tweet that the app asks for contacts as a result of a “find your friends” feature that couldn’t make it to the app in time due to some technical issues along with the fact that his partner whom he had stopped working with was supposed to take care of removing this issue from the app. Zain also said that the app doesn’t store any private information in its database.

Android 6.0 Marshmallow onwards, Android has introduced a micro-managed permissions options that ask users to allow a third-party app to read data from the smartphone among other things.

This particular incident also sheds light on the fact that most people do not simply care about the app asking them for permissions to access private information and they just allow it to read the data. Zain might be giving a valid reason for the app to pick up a user's data but we will never know for sure. 

yapDarV-abU

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.