adrianneima845/purgazsnab
1
0
Code Issues Actions Packages Projects Wiki
Page: Static Analysis of The DeepSeek Android App
Pages
AI Agents are Concerning Knock on the Door Of City Hall AI App Offers a Lifeline For S.Africa's Abused Women AI Starts to Assist India's Struggling Farms AOC Ridiculed for Bizarre Take On Elon Musk's Intelligence ARTIFICIAL INTELLIGENCE aND tHE FUTURE OF EDUCATION Bill Gates Issues Chilling Warning about the Future Of AI Call to end 'tech Bro' Era To Bolster National Security ChatGPT Pertains to 500,000 Brand-new Users in OpenAI's Largest AI Education Deal Yet ChatGPT Pertains to 500,000 new Users in OpenAI's Largest AI Education Deal Yet Decrypt's Art, Fashion, And Entertainment Hub DeepSeek: the Chinese aI Model That's a Tech Breakthrough and A Security Risk DeepSeek Founder Says China aI will Stop Following U.S. DeepSeek Just Insisted it's ChatGPT, and i Think that's all the Proof I Need DeepSeek R1's Implications: Winners and Losers in the Generative AI Value Chain DeepSeek-R1: Technical Overview of its Architecture And Innovations Distillation with Reasoning: can DeepSeek R1 Teach Better Than Humans? Elon Musk's new DOGE Staffer Quits Over Racist Social Network Posts Elon Musk Chief Nerd's Elaborate $1,000 Troll Scam Exploring DeepSeek-R1's Agentic Capabilities Through Code Actions How an AI-written Book Shows why the Tech 'Frightens' Creatives How To Get Rid Of Snapchat Ai? How aI Deepfake of 007 Star Left Art Gallery Owner's World in Tatters How is that For Flexibility? How to Capitalize The 'Magnificent 7' Tech Stocks How to Cash in on The 'Magnificent 7' Tech Stocks Hugging Face Clones OpenAI's Deep Research in 24 Hours Jake Paul Breaks his Silence on Canelo Alvarez Snub In Online Rant Judge Says Elon Musk's Claims of Harm from OpenAI Are A 'stretch'. Musk's Claim against OpenAI May go to Trial In Part, Judge Says Musk Polls whether DOGE Staffer who made Racist Posts must Come Back Musk Polls whether DOGE Staffer who made Racist Posts should Come Back OpenAI Announces new 'deep Research' Tool For ChatGPT OpenAI has Little Legal Recourse against DeepSeek, Tech Law Experts Say Our Brand-new Deepseek-based AI Says Panic over DeepSeek Exposes AI's Weak Foundation On Hype Parents Of Dead OpenAI Whistleblower Sue San Francisco, Alleging Murder Cover-Up Push to Ban DeepSeek from all US Government-owned Devices REVEALED: DOGE's Final Goal as It Launches Government Blitzkrieg Run DeepSeek R1 Locally - with all 671 Billion Parameters Sailing-Bigger and Faster, SailGP Back where everything Began In Sydney South Korea Ministries, Police Block DeepSeek Gain Access To Staggering Cost of Bronze Statue of Daniel Andrews In Melbourne Static Analysis of The DeepSeek Android App Superseding Indictment Charges Chinese National in Relation to Alleged Plan to Steal Proprietary AI Technology Tech Trends 2025 The Chinese aI Companies that Might Match DeepSeek's Impact The DeepSeek Doctrine: how Chinese aI Might Shape Taiwan's Future Trump's 'Ridiculous' Gaz-a-Lago Plan is the Best Hope For Palestinians Understanding DeepSeek R1 Wallarm Informed DeepSeek about its Jailbreak What Trump's Trade War Means for YOUR Investments
1 Static Analysis of The DeepSeek Android App
Adrianne Foveaux edited this page 2025-02-12 12:11:22 +01:00


I performed a static analysis of DeepSeek, a Chinese LLM chatbot, gratisafhalen.be using variation 1.8.0 from the Google Play Store. The goal was to determine potential security and personal privacy issues.

I have actually discussed DeepSeek previously here.

Additional security and personal privacy issues about DeepSeek have actually been raised.

See likewise this analysis by NowSecure of the iPhone version of DeepSeek

The findings detailed in this report are based purely on static analysis. This indicates that while the code exists within the app, there is no definitive evidence that all of it is executed in practice. Nonetheless, the presence of such code warrants analysis, particularly given the growing concerns around data personal privacy, security, the potential misuse of AI-driven applications, and cyber-espionage dynamics in between global powers.

Key Findings

Suspicious Data Handling & Exfiltration

- Hardcoded URLs direct information to external servers, raising issues about user activity tracking, such as to ByteDance "volce.com" endpoints. NowSecure recognizes these in the iPhone app the other day too.

  • Bespoke encryption and information obfuscation techniques exist, with signs that they could be utilized to exfiltrate user details.
  • The app contains hard-coded public secrets, instead of depending on the user gadget's chain of trust.
  • UI interaction tracking catches detailed user behavior without clear consent.
  • WebView manipulation exists, which could permit the app to gain access to personal external browser data when links are opened. More details about WebView controls is here

    Device Fingerprinting & Tracking

    A significant part of the examined code appears to focus on gathering device-specific details, which can be used for tracking and fingerprinting.

    - The different unique device identifiers, including UDID, Android ID, IMEI, IMSI, and carrier details.
  • System homes, set up plans, and forum.altaycoins.com root detection mechanisms recommend prospective anti-tampering procedures. E.g. probes for the presence of Magisk, a tool that personal privacy advocates and security scientists use to root their Android gadgets.
  • Geolocation and network profiling exist, indicating prospective tracking capabilities and enabling or disabling of fingerprinting routines by region.
  • Hardcoded device model lists recommend the application might act differently depending on the found hardware.
  • Multiple vendor-specific services are used to extract additional device details. E.g. if it can not figure out the gadget through basic Android SIM lookup (due to the fact that authorization was not approved), it tries manufacturer particular extensions to access the exact same details.

    Potential Malware-Like Behavior

    While no conclusive conclusions can be drawn without dynamic analysis, a number of observed behaviors line up with recognized spyware and malware patterns:

    - The app utilizes reflection and UI overlays, which could help with unauthorized screen capture or phishing attacks.
  • SIM card details, identification numbers, and other device-specific information are aggregated for unidentified purposes.
  • The app implements country-based gain access to constraints and "risk-device" detection, recommending possible surveillance systems.
  • The app implements calls to load Dex modules, where additional code is filled from files with a.so extension at runtime.
  • The.so files themselves reverse and make extra calls to dlopen(), which can be utilized to load additional.so files. This center is not typically examined by Google Play Protect and other fixed analysis services.
  • The.so files can be carried out in native code, such as C++. Making use of native code adds a layer of complexity to the analysis procedure and obscures the full level of the app's capabilities. Moreover, native code can be leveraged to more easily escalate benefits, possibly making use of vulnerabilities within the operating system or gadget hardware.

    Remarks

    While information collection prevails in contemporary applications for debugging and improving user experience, aggressive fingerprinting raises significant privacy issues. The DeepSeek app requires users to log in with a valid email, which ought to already supply adequate authentication. There is no valid reason for the app to strongly collect and transfer distinct gadget identifiers, IMEI numbers, SIM card details, and other non-resettable system properties.

    The extent of tracking observed here exceeds typical analytics practices, potentially allowing relentless user tracking and re-identification throughout devices. These behaviors, integrated with obfuscation techniques and network communication with third-party tracking services, necessitate a higher level of scrutiny from security researchers and users alike.

    The work of runtime code filling in addition to the bundling of native code recommends that the app could enable the implementation and execution of unreviewed, remotely delivered code. This is a serious potential attack vector. No proof in this report is provided that from another location released code execution is being done, only that the facility for this appears present.

    Additionally, the app's technique to identifying rooted gadgets appears extreme for an AI chatbot. Root detection is typically justified in DRM-protected streaming services, where security and material security are important, or in competitive computer game to prevent unfaithful. However, there is no clear rationale for such strict steps in an application of this nature, raising further questions about its intent.

    Users and companies thinking about setting up DeepSeek needs to understand these possible risks. If this application is being used within a business or federal government environment, extra vetting and security controls should be imposed before allowing its release on managed devices.

    Disclaimer: The analysis provided in this report is based on fixed code review and does not imply that all discovered functions are actively utilized. Further investigation is required for definitive conclusions.