I performed a static analysis of DeepSeek, a Chinese LLM chatbot, utilizing variation 1.8.0 from the Google Play Store. The objective was to identify possible security and privacy problems.

I have actually composed about DeepSeek previously here.

Additional security and privacy issues about DeepSeek have actually been raised.

See also this analysis by NowSecure of the iPhone version of DeepSeek

The findings detailed in this report are based simply on fixed analysis. This means that while the code exists within the app, there is no definitive evidence that all of it is carried out in practice. Nonetheless, the existence of such code warrants scrutiny, specifically provided the growing concerns around information privacy, security, the prospective abuse of AI-driven applications, championsleage.review and cyber-espionage characteristics between global powers.

Key Findings

Suspicious Data Handling & Exfiltration

- Hardcoded URLs direct information to external servers, raising concerns about user activity tracking, such as to ByteDance "volce.com" endpoints. NowSecure determines these in the iPhone app yesterday also. - Bespoke encryption and data obfuscation methods exist, with indicators that they might be utilized to exfiltrate user details.

• The app contains hard-coded public keys, instead of depending on the user device's chain of trust.
• UI interaction tracking catches detailed user behavior without clear approval.
• WebView adjustment is present, which might enable the app to gain access to personal external internet browser information when links are opened. More details about WebView controls is here
  
  Device Fingerprinting & Tracking
  
  A considerable portion of the examined code appears to concentrate on gathering device-specific details, which can be used for tracking and fingerprinting.
  
  - The app gathers numerous distinct gadget identifiers, including UDID, Android ID, IMEI, IMSI, and provider details.
• System properties, set up bundles, and root detection mechanisms suggest possible anti-tampering measures. E.g. probes for the existence of Magisk, a tool that personal privacy supporters and security researchers utilize to root their Android devices.
• Geolocation and network profiling are present, suggesting possible tracking capabilities and allowing or disabling of fingerprinting programs by area.
• Hardcoded device design lists suggest the application may behave differently depending upon the identified hardware. - Multiple vendor-specific services are used to draw out additional gadget details. E.g. if it can not identify the device through standard Android SIM lookup (due to the fact that consent was not given), it tries producer specific to access the same details.
  
  Potential Malware-Like Behavior
  
  While no definitive conclusions can be drawn without dynamic analysis, numerous observed behaviors line up with recognized spyware and malware patterns:
  
  - The app uses reflection and UI overlays, which could facilitate unapproved screen capture or phishing attacks.
• SIM card details, identification numbers, and other device-specific data are aggregated for unidentified functions.
• The app executes country-based gain access to constraints and "risk-device" detection, suggesting possible security systems.
• The app implements calls to load Dex modules, where extra code is filled from files with a.so extension at runtime.
• The.so files themselves turn around and make additional calls to dlopen(), which can be utilized to pack additional.so files. This facility is not generally checked by Google Play Protect and other fixed analysis services.
• The.so files can be carried out in native code, such as C++. The usage of native code adds a layer of intricacy to the analysis process and obscures the full extent of the app's capabilities. Moreover, native code can be leveraged to more quickly escalate benefits, possibly making use of vulnerabilities within the os or gadget hardware.
  
  Remarks
  
  While data collection prevails in modern applications for debugging and enhancing user experience, aggressive fingerprinting raises substantial privacy concerns. The DeepSeek app requires users to log in with a legitimate email, which should already provide sufficient authentication. There is no valid reason for the app to aggressively collect and send special gadget identifiers, IMEI numbers, SIM card details, and other non-resettable system homes.
  
  The extent of tracking observed here goes beyond normal analytics practices, possibly allowing persistent user tracking and forum.altaycoins.com re-identification across devices. These habits, combined with obfuscation techniques and network communication with third-party tracking services, warrant a greater level of scrutiny from security researchers and users alike.
  
  The work of runtime code filling as well as the bundling of native code recommends that the app might permit the deployment and execution of unreviewed, from another location delivered code. This is a severe prospective attack vector. No evidence in this report is provided that from another location released code execution is being done, only that the facility for this appears present.
  
  Additionally, the app's method to finding rooted devices appears extreme for an AI chatbot. Root detection is often warranted in DRM-protected streaming services, where security and content defense are crucial, or in competitive computer game to avoid unfaithful. However, there is no clear rationale for experienciacortazar.com.ar such stringent measures in an application of this nature, raising more concerns about its intent.
  
  Users and organizations considering setting up DeepSeek ought to be mindful of these possible risks. If this application is being utilized within a business or government environment, additional vetting and security controls should be implemented before permitting its implementation on managed gadgets.
  
  Disclaimer: The analysis presented in this report is based upon fixed code review and does not suggest that all discovered functions are actively used. Further examination is required for definitive conclusions.