Static Analysis of The DeepSeek Android App
Abigail Waugh edited this page 2025-02-10 21:00:43 +07:00


I conducted a static analysis of DeepSeek, a Chinese LLM chatbot, using version 1.8.0 from the Google Play Store. The goal was to identify potential security and privacy issues.

I've written about DeepSeek previously here.

Additional security and privacy concerns about DeepSeek have been raised.

See also this analysis by NowSecure of the iPhone version of DeepSeek.

The findings detailed in this report are based purely on static analysis. This means that while the code exists within the app, there is no conclusive evidence that all of it is executed in practice. Nonetheless, the presence of such code warrants scrutiny, particularly given the growing concerns around data privacy, security, the potential abuse of AI-driven applications, and cyber-espionage dynamics between global powers.

Key Findings

Suspicious Data Handling & Exfiltration

- Hardcoded URLs direct data to external servers, raising concerns about user activity tracking, such as to ByteDance "volce.com" endpoints. NowSecure identified these in the iPhone app yesterday too.
- Bespoke encryption and data obfuscation methods are present, with indications that they may be used to exfiltrate user data.
- The app contains hard-coded public keys, rather than relying on the user device's chain of trust.
- UI interaction tracking captures detailed user behavior without clear consent.
- WebView manipulation is present, which could allow the app to access private external browser data when links are opened. More details about WebView manipulation are here.

Device Fingerprinting & Tracking

A considerable portion of the analyzed code appears to focus on gathering device-specific details, which can be used for tracking and fingerprinting.

- The app collects various unique device identifiers, including UDID, Android ID, IMEI, IMSI, and carrier details.
- System properties, installed packages, and root detection mechanisms suggest possible anti-tampering measures. E.g. probes for the presence of Magisk, a tool that privacy advocates and security researchers use to root their Android devices.
- Geolocation and network profiling are present, indicating potential tracking capabilities and the enabling or disabling of fingerprinting routines by region.
- Hardcoded device model lists suggest the application may behave differently depending on the detected hardware.
- Multiple vendor-specific services are used to extract additional device details. E.g. if it cannot identify the device through the standard Android SIM lookup (because permission was not granted), it tries manufacturer-specific extensions to access the same details.

Potential Malware-Like Behavior

While no definitive conclusions can be drawn without dynamic analysis, a number of observed behaviors align with known spyware and malware patterns:

- The app uses reflection and UI overlays, which could facilitate unauthorized screen capture or phishing attacks.
- SIM card details, serial numbers, and other device-specific data are aggregated for unknown purposes.
- The app implements country-based access restrictions and "risk-device" detection, suggesting possible surveillance mechanisms.
- The app performs calls to load Dex modules, where additional code is loaded from files with a .so extension at runtime.
- The .so files themselves in turn make additional calls to dlopen(), which can be used to load further .so files. This facility is not generally inspected by Google Play Protect and other static analysis services.
- The .so files can be executed as native code, such as C++. The use of native code adds a layer of complexity to the analysis process and obscures the full extent of the app's capabilities. Moreover, native code can be leveraged to more easily escalate privileges, potentially exploiting vulnerabilities within the operating system or .
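As an added example (not part of the original report or of any DeepSeek code), a Python triage script in the spirit of the static review in the two sections above: it scans decompiled Java or smali text for the indicator classes listed there (device-identifier APIs, Magisk/su probes, Dex and native loading, hardcoded endpoints, WebView settings) and counts hits per category. The rule set, category labels and the sample fragment are this example's own constructions; the Android API names and root-related paths are real.

```python
import re
from collections import Counter

# Indicator classes from the report above, each mapped to a regex over
# decompiled Java or smali text. The Android API names and Magisk/su paths
# are real; the rule set and category labels are this example's own.
RULES = {
    "device-fingerprinting": r"\bgetDeviceId\b|\bgetSubscriberId\b|\bgetImei\b"
                             r"|\bgetSimSerialNumber\b|Secure\.getString\(|ANDROID_ID",
    "root-detection": r"magisk|/sbin/su\b|/system/xbin/su\b|\bSuperuser\b|test-keys",
    "runtime-code-loading": r"\bDexClassLoader\b|\bInMemoryDexClassLoader\b"
                            r"|System\.load(?:Library)?\(|\bdlopen\b",
    "hardcoded-endpoint": r"https?://[\w.-]+(?:/[\w./-]*)?",
    "webview-manipulation": r"setJavaScriptEnabled\(true\)|addJavascriptInterface\("
                            r"|setAllowFileAccess\(true\)",
}
COMPILED = {cat: re.compile(rx, re.IGNORECASE) for cat, rx in RULES.items()}


def scan(source):
    """Return (category, line_number, matched_text) for each line that hits a rule.
    One finding per line per category, so a line naming two identifier APIs counts once."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        for cat, rx in COMPILED.items():
            m = rx.search(line)
            if m:
                findings.append((cat, lineno, m.group(0)))
    return findings


def summarize(findings):
    """Count findings per category: which of the report's behavior classes a module shows."""
    return dict(Counter(cat for cat, _, _ in findings))


# Constructed decompiled-Java fragment for the demo; not taken from the DeepSeek app.
SAMPLE = """\
Log.d(TAG, "ready");
String imei = tm.getDeviceId();
String imsi = tm.getSubscriberId();
String aid = Settings.Secure.getString(cr, Settings.Secure.ANDROID_ID);
if (new File("/sbin/.magisk").exists()) { rooted = true; }
DexClassLoader dcl = new DexClassLoader(dexPath, outDir, null, parent);
System.load(nativeDir + "/libhelper.so");
String url = "https://example.invalid/v1/collect";
webView.getSettings().setJavaScriptEnabled(true);
"""
if __name__ == "__main__":
    for cat, n, hit in scan(SAMPLE):
        print(f"line {n:2d}  {cat:22s}  {hit}")
    print(summarize(scan(SAMPLE)))
```

Pointed at the output of a decompiler such as jadx or apktool, the same loop gives a per-file count that tells an analyst which categories to read by hand first.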

Remarks

While data collection is common in modern applications for debugging and improving user experience, aggressive fingerprinting raises significant privacy concerns. The DeepSeek app requires users to log in with a valid email, which should already provide sufficient authentication. There is no legitimate reason for the app to aggressively collect and transmit unique device identifiers, IMEI numbers, SIM card details, and other non-resettable system properties.

The extent of tracking observed here exceeds typical analytics practices, potentially enabling persistent user tracking and re-identification across devices. These behaviors, combined with obfuscation techniques and network communication with third-party tracking services, warrant a higher level of scrutiny from security researchers and users alike.

The use of runtime code loading along with the bundling of native code suggests that the app could allow the deployment and execution of unreviewed, remotely delivered code. This is a serious potential attack vector. No evidence is provided in this report that remotely deployed code execution is taking place, only that the facility for it appears to be present.

Additionally, the app's approach to detecting rooted devices appears excessive for an AI chatbot. Root detection is often justified in DRM-protected streaming services, where security and content protection are critical, or in competitive games to prevent cheating. However, there is no clear rationale for such stringent measures in an application of this nature, raising further questions about its intent.

Users and organizations considering installing DeepSeek should be aware of these potential risks. If this application is being used within an enterprise or government environment, additional vetting and security controls should be implemented before allowing its deployment on managed devices.

Disclaimer: The analysis provided in this report is based on static code review and does not indicate that all identified functions are actively used. Further investigation is required for definitive conclusions.