from the questionable-behavior dept.
Sarahah, a new app that lets people sign up to receive anonymized, candid messages, has been surging in popularity; somewhere north of 18 million people are estimated to have downloaded it from Apple and Google’s online stores, making it the number three most downloaded free software title for iPhones and iPads.
Sarahah bills itself as a way to “receive honest feedback” from friends and employees. But the app is collecting more than feedback messages. When launched for the first time, it immediately harvests and uploads all phone numbers and email addresses in your address book. Although Sarahah does in some cases ask for permission to access contacts, it does not disclose that it uploads such data, nor does it seem to make any functional use of the information. Sarahah did not respond to requests for comment.
"Zachary Julian, a senior security analyst at Bishop Fox, discovered Sarahah's uploading of private information when he installed the app on his Android phone, a Galaxy S5 running Android 5.1.1. The phone was outfitted with monitoring software known as BURP Suite, which intercepts internet traffic entering and leaving the device, allowing the owner to see what data is sent to remote servers. When Julian launched Sarahah on the device, BURP Suite caught the app in the act of uploading his private data.
'As soon as you log into the application, it transmits all of your email and phone contacts stored on the Android operating system,' he said. He later verified the same occurs on Apple's iOS, albeit after a prompt to 'access contacts,' which also appears in newer versions of Android. Julian also noticed that if you haven't used the application in a while, it'll share all of your contacts again. He did some testing on the app on a Friday night, and when he booted the app on a Sunday morning, it pushed all of his contacts again."
Sarahah, the anonymous messaging app founded in Saudi Arabia that became an unexpected viral sensation with teens, clocking up over 300 million registered users before getting banned by Apple and Google over bullying, is making a return to the App Store — but not as you might think.
The startup has launched a new, free iOS app called Enoff (pronounced "enough") aimed at organizations, tapping into the wave of employee activism and speaking out about unfair practices to provide a way for people in a team to give anonymous, one-way feedback to bosses and human resources reps. An Android version of Enoff is coming "very soon," according to CEO and founder Zain al-Alabdin Tawfiq.
Available also on the web, the aim is to provide a way to give feedback in cases of harassment, corruption and other tricky workplace situations where employees might fear repercussions for speaking out.
Easy way to monetize app: allow bosses to pay to unmask users.
Also at Wired.
Related: Anonymous Social App Raises Controversy on College Campuses
Square Hires Yik Yak's Engineers, Leaving Fewer Than 10 Employees Behind
Japan's Recruit Holdings Co. Acquires Glassdoor for $1.2 Billion