Your Contact List has been “Apped-Knapped”!

Redport Information Assurance
A recent Hacker News article reports on a new iOS and Android app, available in the app stores from Apple and Google. The app is called “Sarahah” and it has become very popular since its release. The app took the Internet by storm: in just a few weeks it was the third most downloaded application for iPhones and iPads. According to The Hacker News, the app has already been downloaded by an estimated 18 million users. The app is so popular because it allows users to sign up to receive anonymized, candid messages from other users of the app.

Unfortunately, users of the app did not know that it silently uploaded their contacts to the vendor’s servers. The vendor does not have a valid reason for collecting its users’ contact lists. As soon as the app is opened and initiated, it immediately uploads all phone numbers and email addresses from the user’s contact list for later use. The creator of Sarahah, Zain al-Abidin Tawfiq, validated the story by saying that the uploaded contacts will be used for a feature that will be implemented at a later time. However, this does not sit well with users’ privacy rights, since it was not disclosed before users downloaded the Sarahah app.

Mr. Tawfiq also assured the users of the app that the data request would be removed in the next update and that Sarahah’s servers do not currently host contacts, which is, of course, impossible for a typical user to verify. Therefore, cybersecurity researchers at Redport Information Assurance, LLC suggest that both iOS and Android users take precautions before installing the Sarahah application, at least until Mr. Tawfiq has a way of verifying that his servers do not and will not contain your contact list.

By Dr. Randall Sylvertooth

References: http://thehackernews.com/2017/08/sarahah-privacy.html
https://www.team-cymru.org/News/dnb.html


For more information about Redport’s information assurance and cyber security services, visit www.redport-ia.com, email us at info@redport-ia.com, like us on Facebook, and follow us on Twitter @redport_ia.

Gaithersburg, MD, USA