The new app, Saraha which gets people to leave anonymous messages to other users has apparently been collecting users contact lists without their permission.
The app has had a huge surge in popularity with reportedly 18 million people having downloaded it worldwide. Sarahah describes itself as a feedback service which allows work colleagues and friends alike to leave comments about each other. Sarahah argues that this allows people from work to give constructive advice in an anonymous way, users get to know their areas of strength as well as their areas that need improvement. The same logic applies to a users personal life where it gives a channel for friends or family to be honest with you.
However, according to Bishop Fox security researcher Zachary Julian, the app collects all of your email and phone contact details and uploads them without permission. Julian posted a video showing the extraction and upload of the data happening on one of his devices.
Since then Sarahah has replied via Twitter stating that the procedure was put in place so that users could be linked up with people that they may know who are also using the Sarahah app, so that users could engage further in the feedback process with other people they knew. This function according to Sarahah was abandoned because of technical challenges and the individual who was supposed to remove it from Sarahah no longer works with the company but apparently forgot to strip the app of the contact collection feature. According to Sarahah the collected data is not being stored anywhere or being used by Sarahah in anyway, however, this is unverifiable.
Identity theft is already a major problem, and identity thieves rely heavily on personal data of genuine people that they can obtain from online sources. But personal data by itself is increasingly becoming a commodity, with various companies, governments, and even banks wanting to know as much as they can about their customers and their lives. So this kind of extraction of personal data from users is the type of practice that many people should be careful of and companies should be very clear and transparent on.