SoylentNews is people

posted by Fnord666 on Monday August 28 2017, @11:41AM
from the questionable-behavior dept.

Sarahah, a new app that lets people sign up to receive anonymized, candid messages, has been surging in popularity; somewhere north of 18 million people are estimated to have downloaded it from Apple and Google’s online stores, making it the number three most downloaded free software title for iPhones and iPads.

Sarahah bills itself as a way to “receive honest feedback” from friends and employees. But the app is collecting more than feedback messages. When launched for the first time, it immediately harvests and uploads all phone numbers and email addresses in your address book. Although Sarahah does in some cases ask for permission to access contacts, it does not disclose that it uploads such data, nor does it seem to make any functional use of the information. Sarahah did not respond to requests for comment.

"Zachary Julian, a senior security analyst at Bishop Fox, discovered Sarahah's uploading of private information when he installed the app on his Android phone, a Galaxy S5 running Android 5.1.1. The phone was outfitted with monitoring software known as BURP Suite, which intercepts internet traffic entering and leaving the device, allowing the owner to see what data is sent to remote servers. When Julian launched Sarahah on the device, BURP Suite caught the app in the act of uploading his private data.

"As soon as you log into the application, it transmits all of your email and phone contacts stored on the Android operating system," he said. He later verified the same occurs on Apple's iOS, albeit after a prompt to "access contacts," which also appears in newer versions of Android. Julian also noticed that if you haven't used the application in a while, it'll share all of your contacts again. He did some testing on the app on a Friday night, and when he booted the app on a Sunday morning, it pushed all of his contacts again."

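The kind of check the story describes, as an added example (not code from the article or from Bishop Fox): scan a HAR export from an intercepting proxy for canary contacts that were placed in the test device's address book before the capture. The canary values, host names, paths and timestamps are constructed, and the use of seeded canaries is an assumption of this example.

```python
import re
from urllib.parse import unquote_plus

# Constructed canary contacts, seeded into the test device's address book
# before the capture. Unique values make any match unambiguous.
CANARIES = {"email": ["canary.7f3a@example.com"], "phone": ["+1 555 010 0199"]}

# Constructed HAR-style capture; hosts, paths and times are placeholders.
SAMPLE_HAR = {"log": {"entries": [
    {"startedDateTime": "2017-08-25T21:14:03Z", "request": {
        "method": "POST", "url": "https://api.app.example/login",
        "postData": {"text": "user=tester&password=redacted"}}},
    {"startedDateTime": "2017-08-25T21:14:05Z", "request": {
        "method": "POST", "url": "https://api.app.example/contacts",
        "postData": {"text": '{"emails":["Canary.7F3A@example.com"],'
                             '"phones":["(555) 010-0199"]}'}}},
    {"startedDateTime": "2017-08-25T21:14:09Z", "request": {
        "method": "GET", "url": "https://cdn.app.example/logo.png"}},
    {"startedDateTime": "2017-08-27T09:02:41Z", "request": {
        "method": "POST", "url": "https://api.app.example/contacts",
        "postData": {"text": "email=canary.7f3a%40example.com"}}},
]}}


def digits_only(value):
    """Strip everything except digits so phone formatting does not matter."""
    return re.sub(r"\D", "", value)


def find_contact_uploads(har, canaries=CANARIES):
    """Return (timestamp, method, url, matched canaries) per leaking request."""
    findings = []
    for entry in har["log"]["entries"]:
        req = entry["request"]
        body = (req.get("postData") or {}).get("text", "")
        # Decode form/percent encoding and fold case before matching.
        text = unquote_plus(req["url"] + "\n" + body).lower()
        hits = {e for e in canaries["email"] if e.lower() in text}
        # Apps reformat numbers, so compare the last 10 digits only.
        hits |= {p for p in canaries["phone"]
                 if digits_only(p)[-10:] in digits_only(text)}
        if hits:
            findings.append((entry["startedDateTime"], req["method"],
                             req["url"], sorted(hits)))
    return findings


if __name__ == "__main__":
    for finding in find_contact_uploads(SAMPLE_HAR):
        print(finding)
```

The timestamps in the findings show repeat uploads across sessions. Contacts that are hashed, compressed or otherwise encoded before upload will not match and need decoding first.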

  • (Score: 2, Insightful) by Anonymous Coward on Monday August 28 2017, @12:39PM (2 children)

    by Anonymous Coward on Monday August 28 2017, @12:39PM (#560193)

    Is anyone surprised that apps that ask for access to your contacts do this?
    Does this thing also ask for other permissions? If it asks for permissions to your calendar, I guarantee you that it uploads the stuff as well.

    One of the problems is that there is a lack of granular permission granting. How about these:
    1) Granted: you get the real data
    2) Denied: you don't get any data and I want you to know you get none
    3) Faked: you are told you get permission 1) but in reality you get faked data. The data is either made up every time you ask for it (and may or may not change after every request) or you always are told "Here's the list of data, what do you mean, it's empty?"

    But no, there's no money in that for companies like google who want everything.
    Oh, and don't get me started on resetting permissions when you install an update.

    Mobile platforms are incredibly broken. It's almost at a point where you'd have to throw it all away and start over again! Where's Purism [puri.sm] or FirefoxOS or Jolla or whatever? Something that gives me control over my devices instead of saying "if you want to use this, you have no choice but to let us repeatedly fuck you up the arse with this 9-inch diameter Arizona-desert cactus and you will like it and ask for more".

    For fuck's sake... It's only Monday and I feel grumpy already! :(

  • (Score: 0) by Anonymous Coward on Monday August 28 2017, @01:08PM (1 child)

    by Anonymous Coward on Monday August 28 2017, @01:08PM (#560214)

    Firefox OS is abandoned, and since then, the browser has been crawling back from the brink, FINALLY getting some attention after having been left to rot for a while.

    The others, well...Jolla's around. Not widely used, but it's around. First I've heard of Purism though.

    • (Score: 3, Informative) by pTamok on Monday August 28 2017, @01:19PM

      by pTamok (3042) on Monday August 28 2017, @01:19PM (#560216)

      Jolla Sailfish OS is around, and Jolla has just announced it will be available for the Sony Xperia X phone, so lots of people who have been waiting to be able to replace their old Jolla phone hardware now have something they can move to. You have to source the Sony phone yourself, then download the Jolla Sailfish OS to it, but it is still available....just.

      Official Jolla blog entry announcing it here: https://blog.jolla.com/sailfishx/ [jolla.com]

      Jolla (the company) have been through some pretty tough times, and are not out of the woods yet. I use an original Jolla phone, but have no other connection to the company. Some people are less than happy about Jolla's handling of the non-production of a tablet running Sailfish OS.

      There is an Indiegogo project to independently produce a tablet running Sailfish OS (Youyota Sailfish OS 2-in-1 Tablet). It looks interesting, but I have not committed funds to it. If you feel like doing so, do extensive research beforehand.
      Link here: https://www.indiegogo.com/projects/youyota-sailfish-os-2-in-1-tablet#/ [indiegogo.com]
      I have no connection with this project either.