When an Android or iOS user downloads and installs the app for the first time, the app immediately harvests and uploads all phone numbers and email addresses from the user’s address book, according to The Intercept.
It is quite common for an app to request access to the user’s phonebook if it provides a feature that works with contacts, but Sarahah offers no such functionality right now.
“The privacy policy specifically states that if it plans to use your data, it’ll ask for your consent. While the app’s entry in Google’s Play Store does indicate the app will access contacts, that’s not enough consent to justify sending all of those contacts over without any kind of specific notification.”
However, the creator of Sarahah, Zain al-Abidin Tawfiq, responded to the story by saying his app actually harvests users’ contacts and uploads them to the company’s servers for a feature that will be implemented at a later time.
Tawfiq said that users’ contact lists are being uploaded “for a planned ‘find your friends’ feature,” which was “delayed due to a technical issue” and was accidentally not removed from Sarahah’s current version.
Tawfiq also assured users that “the data request will be removed on next update” to the app and that Sarahah’s servers do not “currently host contacts,” which is, of course, impossible to verify.
However, you can still use Sarahah without risking having your contacts uploaded to its servers by blocking the app from accessing them.
Newer Android versions (starting with Android 6.0 Marshmallow) allow users to limit app permissions, so you can prevent apps from gaining access to contacts or other information that has nothing to do with the app’s functioning.
To do so, go to Settings → Personal → Apps, then under Configuration App, open App permission and limit the permissions of whichever apps you like.