Closed
Open
Created Feb 10, 2025 by Alina Westfall (@alinawestfall), Maintainer

Static Analysis of The DeepSeek Android App


I conducted a static analysis of DeepSeek, a Chinese LLM chatbot, using version 1.8.0 from the Google Play Store. The goal was to identify potential security and privacy issues.

I have discussed DeepSeek previously here.

Additional security and privacy concerns about DeepSeek have been raised.

See also this analysis by NowSecure of the iPhone version of DeepSeek.

The findings detailed in this report are based purely on static analysis. This means that while the code exists within the app, there is no definitive evidence that all of it is executed in practice. Nonetheless, the presence of such code warrants scrutiny, especially given the growing concerns around data privacy, security, the potential misuse of AI-driven applications, and cyber-espionage dynamics between global powers.

Key Findings

Suspicious Data Handling & Exfiltration

  • Hardcoded URLs direct data to external servers, raising concerns about user activity tracking, such as to ByteDance "volce.com" endpoints. NowSecure also identified these in the iPhone app the other day.
  • Bespoke encryption and data obfuscation methods are present, with indications that they could be used to exfiltrate user details.
  • The app contains hard-coded public keys, rather than relying on the user device's chain of trust.
  • UI interaction tracking captures detailed user behavior without clear consent.
  • WebView control is present, which could allow the app to access private external browser data when links are opened. More details about WebView control are here.

Device Fingerprinting & Tracking

A significant portion of the analyzed code appears to focus on gathering device-specific details, which can be used for tracking and fingerprinting.

  • The app collects various unique device identifiers, including UDID, Android ID, IMEI, IMSI, and carrier details.
  • System properties, installed packages, and root detection mechanisms suggest possible anti-tampering measures. E.g. it probes for the existence of Magisk, a tool that privacy advocates and security researchers use to root their Android devices.
  • Geolocation and network profiling are present, indicating potential tracking capabilities and the enabling or disabling of fingerprinting routines by region.
  • Hardcoded device model lists suggest the application may behave differently depending on the detected hardware.
  • Multiple vendor-specific services are used to extract additional device details. E.g. if it cannot determine the device through the standard Android SIM lookup (because permission was not granted), it tries manufacturer-specific extensions to access the same information.

Potential Malware-Like Behavior

While no definitive conclusions can be drawn without dynamic analysis, several observed behaviors align with known spyware and malware patterns:

  • The app uses reflection and UI overlays, which could facilitate unauthorized screen capture or phishing attacks.
  • SIM card details, serial numbers, and other device-specific data are aggregated for unknown purposes.
  • The app implements country-based access restrictions and "risk-device" detection, suggesting possible monitoring mechanisms.
  • The app implements calls to load Dex modules, where additional code is loaded from files with a .so extension at runtime.
  • The .so files themselves turn around and make additional calls to dlopen(), which can be used to load additional .so files. This facility is not typically checked by Google Play Protect and other static analysis services.
  • The .so files can be implemented in native code, such as C++. The use of native code adds a layer of complexity to the analysis process and obscures the full extent of the app's capabilities. Moreover, native code can be leveraged to more easily escalate privileges, potentially exploiting vulnerabilities within the operating system or device hardware.

Remarks

While data collection is common in modern applications for debugging and improving user experience, aggressive fingerprinting raises significant privacy concerns. The DeepSeek app requires users to log in with a valid email, which should already provide sufficient authentication. There is no valid reason for the app to aggressively collect and transmit unique device identifiers, IMEI numbers, SIM card details, and other non-resettable system properties.

The extent of tracking observed here exceeds typical analytics practices, potentially enabling persistent user tracking and re-identification across devices. These behaviors, combined with obfuscation techniques and network communication with third-party tracking services, warrant a higher level of scrutiny from security researchers and users alike.

The use of runtime code loading together with the bundling of native code suggests that the app could allow the deployment and execution of unreviewed, remotely delivered code. This is a serious potential attack vector. No evidence is presented in this report that remotely deployed code execution is being done, only that the facility for this appears present.

Additionally, the app's approach to detecting rooted devices appears excessive for an AI chatbot. Root detection is often justified in DRM-protected streaming services, where security and content protection are critical, or in competitive video games to prevent cheating. However, there is no clear rationale for such strict measures in an application of this nature, raising further questions about its intent.

Users and organizations considering installing DeepSeek should be aware of these potential risks. If this application is being used within an enterprise or government environment, additional vetting and security controls should be enforced before allowing its deployment on managed devices.

Disclaimer: The analysis presented in this report is based on static code review and does not imply that all detected functions are actively used. Further investigation is required for definitive conclusions.
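
For teams vetting an APK before allowing it on managed devices, the following Python triage pass checks for the kinds of static indicators discussed above: runtime code loading, device-identifier APIs, Magisk probes, and dlopen() in bundled .so files. It is an added example, not code from this report or from the app; the indicator lists, function names, and the in-memory sample APK are constructed for illustration.

```python
import io
import re
import zipfile

# Byte patterns grouped by the finding categories in the report above.
# DEX stores strings as MUTF-8, so ASCII API names are searchable as raw bytes.
DEX_INDICATORS = {
    "runtime_code_loading": [rb"Ldalvik/system/DexClassLoader;",
                             rb"Ldalvik/system/InMemoryDexClassLoader;",
                             rb"loadLibrary"],
    "device_identifiers": [rb"getImei", rb"getDeviceId", rb"getSubscriberId",
                           rb"getSimSerialNumber", rb"android_id"],
    "root_detection": [rb"(?i)magisk"],
}
NATIVE_INDICATORS = {"native_dlopen": [rb"\x00dlopen\x00"]}

def scan_apk(apk_bytes):
    """Return {category: sorted list of (zip entry, matched string)}."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for name in apk.namelist():
            if re.fullmatch(r"classes\d*\.dex", name):
                table = DEX_INDICATORS
            elif name.startswith("lib/") and name.endswith(".so"):
                table = NATIVE_INDICATORS
            else:
                continue  # resources and assets are out of scope here
            data = apk.read(name)
            for category, patterns in table.items():
                for pat in patterns:
                    m = re.search(pat, data)
                    if m:
                        hit = m.group().strip(b"\x00").decode()
                        findings.setdefault(category, set()).add((name, hit))
    return {cat: sorted(hits) for cat, hits in findings.items()}

def build_sample_apk():
    """Constructed stand-in for an APK: fake DEX/ELF blobs, not real app data."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("classes.dex",
                   b"dex\n035\x00Ldalvik/system/DexClassLoader;\x00getImei\x00")
        z.writestr("classes2.dex", b"dex\n035\x00/sbin/Magisk\x00")
        z.writestr("lib/arm64-v8a/libsample.so", b"\x7fELF\x00dlopen\x00dlsym\x00")
        z.writestr("assets/readme.txt", b"dlopen magisk getImei")  # not scanned
    return buf.getvalue()

if __name__ == "__main__":
    print(scan_apk(build_sample_apk()))
```

As with the report itself, a hit only shows that a string is present in the package, not that the code path runs; encrypted or packed strings will not match.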