Hidden Dangers in the Sarahah App
There’s a popular app—currently, the third most popular free app for iPhone and iPad, with more than 62 million users worldwide—that is not only a parents’ nightmare for their kids’ health and well-being, but is also a privacy pitfall.
Called Sarahah and developed by Zain al-Abidin Tawfiq, the app is supposed to let the user’s connections leave anonymous compliments to brighten their day, along with “constructive criticism.”
Perhaps there was some honorable intent behind it. After all, how do you tell your co-worker that he has a problem with bad breath, or tell your best friend that her fiancé is having an affair? Unfortunately, that’s not the kind of “helpful” criticism users have reported receiving. Instead, there have been character attacks, hateful rhetoric about users’ lifestyles, racist hate speech, and even instructions to “just kill yourself already.”
What makes the messages even worse is the functionality of the app: these statements supposedly come from someone you know, which is far more damaging than hate from an anonymous stranger on the internet.
Now, researchers have discovered yet another problem with Sarahah. As in any instance in which someone makes an app available for free, there’s got to be a monetization trap-door. If the app isn’t making money through things like in-app purchases or advertising, then there’s a very good chance the terms and conditions of the app allow for data gathering and sale to third parties.
According to Zachary Julian, senior security analyst at Bishop Fox, Sarahah nabs your entire address book from your contacts and email account, then uploads it to its own servers. The company issued a statement shortly after the discovery, stating that it was designed to help your contacts find you on the app and that this functionality will be removed in later versions of the app. However, that information is a goldmine to advertisers, spammers, and hackers. The ability to grab 18 million people’s contacts lists can easily mean exponentially larger pools of potential spam recipients and scam victims.
It’s always important to understand the flaws in the latest software craze before you unleash it on your device and to investigate these apps and platforms thoroughly before installing them. Your data, your identity, and even your physical safety can be at risk.
Read next: A Closer Look at your Apps’ Permissions