I performed a static analysis of DeepSeek, a Chinese LLM chatbot, using version 1.8.0 from the Google Play Store. The objective was to identify prospective security and privacy problems.

I have actually composed about DeepSeek previously here.

Additional security and privacy concerns about DeepSeek have been raised.

See also this analysis by NowSecure of the iPhone version of DeepSeek

The findings detailed in this report are based simply on static analysis. This implies that while the code exists within the app, there is no conclusive evidence that all of it is performed in practice. Nonetheless, library.kemu.ac.ke the presence of such code warrants scrutiny, specifically given the growing concerns around information privacy, surveillance, the prospective abuse of AI-driven applications, and cyber-espionage dynamics between global powers.

Key Findings

Suspicious Data Handling & Exfiltration

- Hardcoded URLs direct data to external servers, raising issues about user activity tracking, such as to ByteDance "volce.com" endpoints. NowSecure recognizes these in the iPhone app the other day too.

• Bespoke encryption and data obfuscation approaches exist, with indicators that they might be utilized to exfiltrate user details.
• The app contains hard-coded public keys, instead of relying on the user gadget's chain of trust.
• UI interaction tracking records detailed user behavior without clear approval. - WebView control exists, which could enable the app to gain access to private external web browser data when links are opened. More details about WebView manipulations is here
  
  Device Fingerprinting & Tracking
  
  A considerable portion of the evaluated code appears to focus on gathering device-specific details, which can be utilized for tracking and fingerprinting.
  
  - The app gathers numerous special device identifiers, including UDID, Android ID, IMEI, IMSI, and carrier details.
• System residential or commercial properties, set up packages, and root detection mechanisms recommend possible anti-tampering steps. E.g. probes for the existence of Magisk, a tool that privacy advocates and security scientists use to root their Android devices.
• Geolocation and network profiling are present, showing prospective tracking capabilities and allowing or disabling of fingerprinting regimes by area.
• Hardcoded device model lists suggest the application may act in a different way depending upon the discovered hardware. - Multiple vendor-specific services are utilized to extract additional device details. E.g. if it can not figure out the gadget through basic Android SIM lookup (since consent was not granted), it attempts maker particular extensions to access the same details.
  
  Potential Malware-Like Behavior
  
  While no conclusive conclusions can be drawn without vibrant analysis, several observed habits align with known spyware and malware patterns:
  
  - The app utilizes reflection and UI overlays, which could assist in unapproved screen capture or phishing attacks.
• SIM card details, serial numbers, and other device-specific data are aggregated for unknown functions.
• The app implements country-based gain access to constraints and "risk-device" detection, recommending possible surveillance mechanisms.
• The app implements calls to pack Dex modules, where extra code is filled from files with a.so extension at runtime.
• The.so submits themselves turn around and make extra calls to dlopen(), which can be utilized to fill additional.so files. This facility is not usually inspected by Google Play Protect and other static analysis services.
• The.so files can be executed in native code, such as C++. Using native code includes a layer of complexity to the analysis process and obscures the full extent of the app's abilities. Moreover, native code can be leveraged to more quickly intensify advantages, potentially making use of vulnerabilities within the operating system or gadget hardware.
  
  Remarks
  
  While information collection prevails in modern-day applications for debugging and enhancing user experience, aggressive fingerprinting raises substantial privacy concerns. The DeepSeek app requires users to log in with a valid email, which must already provide sufficient authentication. There is no valid factor for the app to aggressively collect and send distinct device identifiers, IMEI numbers, SIM card details, and other non-resettable system residential or commercial properties.
  
  The extent of here exceeds common analytics practices, possibly enabling persistent user tracking and re-identification across gadgets. These behaviors, combined with obfuscation techniques and network interaction with third-party tracking services, require a higher level of analysis from security scientists and users alike.
  
  The employment of runtime code filling as well as the bundling of native code suggests that the app could permit the release and execution of unreviewed, remotely provided code. This is a serious potential attack vector. No evidence in this report is presented that remotely deployed code execution is being done, only that the facility for this appears present.
  
  Additionally, the app's technique to finding rooted gadgets appears extreme for an AI chatbot. Root detection is often justified in DRM-protected streaming services, where security and content security are critical, or historydb.date in competitive computer game to prevent unfaithful. However, utahsyardsale.com there is no clear reasoning for such stringent procedures in an application of this nature, raising additional questions about its intent.
  
  Users and companies thinking about setting up DeepSeek should know these possible dangers. If this application is being used within an enterprise or federal government environment, extra vetting and security controls need to be imposed before enabling its implementation on handled gadgets.
  
  Disclaimer: The analysis provided in this report is based on fixed code evaluation and does not suggest that all discovered functions are actively utilized. Further investigation is needed for conclusive conclusions.