Static Analysis of The DeepSeek Android App
I carried out a static analysis of DeepSeek, a Chinese LLM chatbot, using version 1.8.0 from the Google Play Store. The goal was to identify potential security and privacy concerns.
I've discussed DeepSeek previously here.
Additional security and privacy concerns about DeepSeek have been raised.
See also this analysis by NowSecure of the iPhone version of DeepSeek.
The findings detailed in this report are based purely on static analysis. This means that while the code exists within the app, there is no definitive proof that all of it is executed in practice. Nonetheless, the existence of such code warrants scrutiny, especially given the growing concerns around data privacy, security, the potential misuse of AI-driven applications, and cyber-espionage dynamics between global powers.
Key Findings
Suspicious Data Handling & Exfiltration
- Hardcoded URLs direct data to external servers, such as ByteDance "volce.com" endpoints, raising concerns about user activity monitoring. NowSecure identified these in the iPhone app yesterday as well.
- Bespoke encryption and data obfuscation methods are present, with indications that they could be used to exfiltrate user details.
- The app contains hard-coded public keys, rather than relying on the user device's chain of trust.
- UI interaction tracking captures detailed user behavior without clear consent.
- WebView manipulation is present, which might allow the app to access private external browser data when links are opened. More details about WebView manipulation are here.
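A first triage pass for the hardcoded-URL and hard-coded public key findings above, as an added example (not code from the original analysis): it scans decompiled source text for URL literals whose host falls outside a first-party allowlist and for embedded public keys. The sample file paths, hostnames and key string are constructed placeholders, and the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit
# URL literals as they appear in decompiled Java/smali string constants.
URL_RE = re.compile(r"https?://[A-Za-z0-9.-]+(?::\d+)?(?:/[^\s\"'<>\\]*)?")
# PEM-armoured public keys or certificates embedded as strings/assets.
PEM_RE = re.compile(r"-----BEGIN (?:(?:RSA )?PUBLIC KEY|CERTIFICATE)-----")
# Bare base64 of a DER SubjectPublicKeyInfo: RSA-2048/4096 and EC P-256 prefixes.
SPKI_RE = re.compile(
    r"MII[A-Za-z0-9+/]{3}ANBgkqhkiG9w0BAQEFAAOC[A-Za-z0-9+/=]{40,}"
    r"|MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE[A-Za-z0-9+/=]{40,}"
)

def is_first_party(host, first_party):
    # Match on whole DNS labels so "example.com.cdn-metrics.test" is not
    # mistaken for a subdomain of "example.com".
    host = host.rstrip(".")
    return any(host == d or host.endswith("." + d) for d in first_party)

def scan(sources, first_party):
    """sources maps file path -> decompiled text.
    Returns (third_party_hosts, embedded_keys) with file/line locations."""
    hosts, keys = {}, []
    for path, text in sources.items():
        for lineno, line in enumerate(text.splitlines(), 1):
            for url in URL_RE.findall(line):
                host = urlsplit(url).hostname or ""
                if host and not is_first_party(host, first_party):
                    hosts.setdefault(host, []).append((path, lineno))
            if PEM_RE.search(line):
                keys.append((path, lineno, "pem"))
            elif SPKI_RE.search(line):
                keys.append((path, lineno, "base64-spki"))
    return hosts, keys

# Constructed sample input: hypothetical paths, hosts and a filler key string.
SAMPLE = {
    "com/example/net/Api.java": (
        'String BASE = "https://api.example.com/v1/chat";\n'
        'String LOG = "https://telemetry.example.net/collect?d=";\n'),
    "com/example/sec/Keys.java": (
        'String PUB = "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A' + "A" * 64 + '";\n'
        + 'String CDN = "http://example.com.cdn-metrics.test/s.js";\n'),
}

if __name__ == "__main__":
    for finding in scan(SAMPLE, {"example.com"}):
        print(finding)
```

Hits are leads for manual review of the surrounding code; as with the rest of this report, a match shows only that the string is present in the app, not that it is used at runtime.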
Device Fingerprinting & Tracking
A substantial portion of the analyzed code appears to focus on gathering device-specific details, which can be used for tracking and fingerprinting.