A senior security analyst Zachary Julian who works for IT security consulting firm Bishop Fox was the first to point out this behaviour. He discovered the app uploading private information, using a monitoring software BURP Suite. And this was first reported by The Intercept.
According to report, the app takes a user’s data including phone numbers and email addresses stored in the device’s address book.
Zain al-Abidin Tawfiq, the app’s founder, said that contact lists are being uploaded on the company’s server “for a planned ‘find your friends’ feature”.
However, the feature was “delayed due to a technical issue”.
When first launched, this app harvests and uploads all phone numbers and email addresses in your address book. https://t.co/MOfzqQ9KmI
— The Intercept (@theintercept) August 27, 2017