SoylentNews is people
SoylentNews
Sarahah, a new app that lets people sign up to receive anonymized, candid messages, has been surging in popularity; somewhere north of 18 million people are estimated to have downloaded it from Apple and Google’s online stores, making it the number three most downloaded free software title for iPhones and iPads.
Sarahah bills itself as a way to “receive honest feedback” from friends and employees. But the app is collecting more than feedback messages. When launched for the first time, it immediately harvests and uploads all phone numbers and email addresses in your address book. Although Sarahah does in some cases ask for permission to access contacts, it does not disclose that it uploads such data, nor does it seem to make any functional use of the information. Sarahah did not respond to requests for comment.
"Zachary Julian, a senior security analyst at Bishop Fox, discovered Sarahah's uploading of private information when he installed the app on his Android phone, a Galaxy S5 running Android 5.1.1. The phone was outfitted with monitoring software known as BURP Suite, which intercepts internet traffic entering and leaving the device, allowing the owner to see what data is sent to remote servers. When Julian launched Sarahah on the device, BURP Suite caught the app in the act of uploading his private data.
"As soon as you log into the application, it transmits all of your email and phone contacts stored on the Android operating system," he said. He later verified the same occurs on Apple's iOS, albeit after a prompt to "access contacts," which also appears in newer versions of Android. Julian also noticed that if you haven't used the application in a while, it'll share all of your contacts again. He did some testing on the app on a Friday night, and when he booted the app on a Sunday morning, it pushed all of his contacts again."
(Score: 5, Insightful) by RS3 on Monday August 28 2017, @02:53PM (7 children)
How is it that if I digitally transfer a copy of a song or movie file, it's theft. But somehow it's not theft if the app steals my addressbook?
Oh, I installed the app, it's OK because TOS?
OK, so if someone invites me into their home, I'm allowed to eat and drink anything I want, because TOV (Terms of my Visit).
(Score: 5, Interesting) by Virindi on Monday August 28 2017, @04:05PM (5 children)
More like you are invited into the home and respond with a large book of papers that you want the homeowner to agree to. You say, "meh it's just boilerplate" and they happily sign it without even glancing at it.
The problem is not that people are permitted to make stupid agreements. The problem is that: 1) people are too lazy to act in their own interest, 2) people value free stuff over their privacy, and 3) people expect that even if they voluntarily make a stupid agreement, someone else will protect them from their own choice. In short, the problem is cultural.
If we want to solve it we should start by teaching our kids to read every word of every contract they agree to.
(Score: 4, Insightful) by Nuke on Monday August 28 2017, @04:49PM (4 children)
Then they make the contract so fucking tedious, like as long as War and Peace that it is impractical to read it. Some software contracts are already like that.
(Score: 2, Interesting) by noneof_theabove on Monday August 28 2017, @05:44PM
ALWAYS start from the end and read back.
Analogy:
You MUST use an ink pen to answer questions.
Read ALL of the questions first.
1).......
# last on page 2-3) Sign your name in the upper right corner and turn in.
So you start read T/C and get bored because all looks ok.
On the last section they reverse everything stated in the beginning.
This IS CONTRACT LAW - and legal.
(Score: 0) by Anonymous Coward on Monday August 28 2017, @06:39PM
If we educate properly then these asshole companies will be boycotted as it violates what *will be* common sense. Yes I am being optimistic.
(Score: 0) by Anonymous Coward on Monday August 28 2017, @08:49PM
then we need to start gettign the contracts enforced very hard, very visibly, and to much pain and embarassment for everyone involved with it.
until it becomes too mentally challenging to click next to continue or whatever the phrase is used now to tap your privacy away to some cloud monetizer, it will continue. it is the default. the android OS was built to deliver ads and no one would buy it for that purpose, so it got given away for free and has allowed people to branch off of it and do things besides make calls and receive ads.
its so ubiquitous to expect the info to be out there it's like every business can buy info on a person but no person can buy the same info for themselves. this has to stop, or someone with deep pockets needs to start exposing this stuff in a very public way.
(Score: 2) by TheRaven on Tuesday August 29 2017, @08:08AM
sudo mod me up
(Score: 0) by Anonymous Coward on Monday August 28 2017, @07:28PM
Because data wants to be free?