The new viral app designed to collect honest feedback from friends and colleagues is taking the world by storm. sarahah has been going viral for the past few weeks and is the third most downloaded free app in the App Store. However, it appears that the Honesty App is not at all honest with its 18+ million users.

Privacy compromised

A recent discovery recently surfaced revealing that the popular Honesty App dubbed as Sarahah is secretly transmitting the user’s contact list including email addresses and phone numbers stored on the Android operating system.

According to Senior Security Analyst Zachary Julian of Bishop Fox, upon logging into the application for the first time, the said data are automatically transmitted without the user’s knowledge. The security analyst noted that the app does this again after the user logs into the app after a break. Julian added that the app is doing the same on iOS and Android devices. Interestingly, on the latest versions of Android and iPhones, it pops up a prompt asking to access contacts.

Dev says it is for the future!

On his official Twitter account, App creator Zain Al-Abidin Tawfiq said that the user’s contact list is being uploaded for a feature that will be released in the future. He further explained that the Find Your Friends feature was just delayed because of a technical issue.

Tawfiq claimed that the database does not currently host contacts.

The developer’s response does not appear to sway Zachary Julian. He told Intercept that on Play Store, the Honesty App has between 10 and 50 million installs.

This is just for Android users, extrapolating that number could yield hundreds of millions of phone numbers and email addresses secretly transmitted.

Users of the popular Honesty App might not be happy with this feature.

The entire fun of getting anonymous feedback could be taken out of the way considering that users can guess who says what based on who uses the app in their contacts.

Trick to stop the app from sending your contacts

If you are on iOS, check your permissions. Go to Settings and look for the name of the app and stop sending your contacts. If you are on Android, 6.0 Marshmallow or later, go to Settings then to Personal and then to Apps. Look for App Permission to stop the honesty app from sending your contact list to a server.

The Sarahah app creator said that the data request will be scrapped on the next update. While uploading contact list is not a new app behavior, it is still something that should not be done without the user’s knowledge.