Page: Static Analysis of The DeepSeek Android App

AI Agents are Concerning Knock on the Door Of Municipal Government

AI Agents are Pertaining To Knock on the Door Of Municipal Government

AI App Offers a Lifeline For S.Africa's Abused Women

AI Starts to Assist India's Struggling Farms

AI Starts to help India's Struggling Farms

AOC Ridiculed for Bizarre Take On Elon Musk's Intelligence

ARTIFICIAL INTELLIGENCE aND tHE FUTURE OF EDUCATION

Applied aI Tools

As DeepSeek Upends the aI Industry, one Group is Urging Australia to Embrace The Opportunity

Australia Bans DeepSeek aI Program On Government Devices

Bill Gates Issues Chilling Warning about the Future Of AI

Call to end 'tech Bro' Era To Bolster National Security

ChatGPT Pertains to 500,000 Brand new Users in OpenAI's Largest AI Education Deal Yet

ChatGPT Pertains to 500,000 new Users in OpenAI's Largest AI Education Deal Yet

Contact us to end 'tech Bro' Era To Bolster National Security

DeepSeek: how Chinese Chatbot Conquers the Global IT Market

DeepSeek Founder Says China aI will Stop Following U.S.

DeepSeek Just Insisted it's ChatGPT, and i Think that's all the Proof I Need

DeepSeek R1's Implications: Winners and Losers in the Generative AI Value Chain

DeepSeek R1, at the Cusp of An Open Revolution

DeepSeek aI will Reshape Business and Ethics For Nigerian Leaders

Distillation with Reasoning: can DeepSeek R1 Teach Better Than Humans?

Elon Musk's Brand new DOGE Staffer Quits Over Racist Social Media Posts

Elon Musk's Brand new DOGE Staffer Quits Over Racist Social Network Posts

Elon Musk's new DOGE Staffer Quits Over Racist Social Media Posts

Elon Musk Chief Nerd's Elaborate $1,000 Troll Scam

Experts Share DeepSeek Warning as it Sparks 'Lord of The Rings Race'

Exploring DeepSeek R1's Agentic Capabilities Through Code Actions

Get Instant Access To Breaking News

How To Get Rid Of Snapchat Ai?

How aI Deepfake of 007 Star Left Art Gallery Owner's World in Tatters

How an AI written Book Shows why the Tech 'Horrifies' Creatives

How is that For Flexibility?

Hugging Face Clones OpenAI's Deep Research in 24 Hours

Japan pM Heads to United States For Trump Summit

Judge Says Elon Musk's Claims of Harm from OpenAI Are A 'stretch'.

MIDAS SHARE TIPS: Bytes Technology Ready to Rebound after A Hard Year

Musk's Claim against OpenAI May go to Trial In Part, Judge Says

Musk Polls whether DOGE Staffer who made Racist Posts should Return

OpenAI Looks throughout United States for Sites to Build Its Trump backed Stargate

OpenAI has Little Legal Recourse against DeepSeek, Tech Law Experts Say

Our Brand new Deepseek based AI Says

Parents Of Dead OpenAI Whistleblower Sue San Francisco, Alleging Murder Cover Up

Schulman Left OpenAI in August 2025

Static Analysis of The DeepSeek Android App

Tech Trends 2025

The Chinese aI Companies that Might Match DeepSeek's Impact

The DeepSeek Doctrine: how Chinese aI could Shape Taiwan's Future

Trump's 'Insane' Gaz a Lago Plan is the Best Expect Palestinians

Trump's 'Insane' Gaz a Lago Plan is the very Best Expect Palestinians

Trump's 'Insane' Gaz a Lago Plan is the very Best Wish For Palestinians

Understanding DeepSeek R1

What Trump's Trade War Means for YOUR Investments

HTTP

4 Static Analysis of The DeepSeek Android App

Abdul Dieter edited this page 3 months ago

I carried out a static analysis of DeepSeek, a Chinese LLM chatbot, using variation 1.8.0 from the Google Play Store. The objective was to determine possible security and personal privacy problems.

I've discussed DeepSeek formerly here.

Additional security and personal privacy issues about DeepSeek have been raised.

See likewise this analysis by NowSecure of the iPhone variation of DeepSeek

The findings detailed in this report are based simply on static analysis. This indicates that while the code exists within the app, there is no definitive proof that all of it is performed in practice. Nonetheless, the existence of such code warrants analysis, specifically offered the growing concerns around information personal privacy, monitoring, the possible abuse of AI-driven applications, and cyber-espionage dynamics between worldwide powers.

Key Findings

Suspicious Data Handling & Exfiltration

- Hardcoded URLs direct information to external servers, raising concerns about user activity monitoring, such as to ByteDance "volce.com" endpoints. NowSecure identifies these in the iPhone app the other day also.

• Bespoke encryption and data obfuscation techniques exist, with indicators that they could be utilized to exfiltrate user details.
• The app contains hard-coded public keys, rather than depending on the user device's chain of trust.
• UI interaction tracking records user behavior without clear consent.
• WebView control is present, which could allow for the app to gain access to private external web browser information when links are opened. More details about WebView controls is here
  
  Device Fingerprinting & Tracking
  
  A considerable part of the evaluated code appears to concentrate on gathering device-specific details, which can be used for tracking and fingerprinting.
  
  - The app gathers various special device identifiers, including UDID, Android ID, IMEI, IMSI, and provider details.
• System properties, installed packages, and root detection mechanisms recommend prospective anti-tampering steps. E.g. probes for the existence of Magisk, a tool that personal privacy supporters and security scientists utilize to root their Android devices.
• Geolocation and network profiling exist, showing prospective tracking capabilities and enabling or disabling of fingerprinting routines by region.
• Hardcoded device model lists recommend the application may behave differently depending upon the discovered hardware. - Multiple vendor-specific services are used to draw out extra gadget details. E.g. if it can not determine the device through basic Android SIM lookup (because authorization was not given), it attempts producer particular extensions to access the exact same details.
  
  Potential Malware-Like Behavior
  
  While no conclusive conclusions can be drawn without dynamic analysis, numerous observed habits line up with recognized spyware and malware patterns:
  
  - The app utilizes reflection and UI overlays, which might facilitate unapproved screen capture or phishing attacks.
• SIM card details, identification numbers, and other device-specific data are aggregated for unidentified purposes.
• The app implements country-based gain access to constraints and "risk-device" detection, recommending possible security systems.
• The app implements calls to pack Dex modules, wiki.rrtn.org where additional code is filled from files with a.so extension at runtime.
• The.so submits themselves turn around and make extra calls to dlopen(), which can be utilized to fill additional.so files. This facility is not normally examined by Google Play Protect and other static analysis services.
• The.so files can be executed in native code, ura.cc such as C++. Making use of native code includes a layer of intricacy to the analysis process and obscures the full level of the app's capabilities. Moreover, native code can be leveraged to more easily escalate opportunities, possibly exploiting vulnerabilities within the os or device hardware.
  
  Remarks
  
  While data collection prevails in modern applications for debugging and enhancing user experience, aggressive fingerprinting raises considerable privacy concerns. The DeepSeek app needs users to visit with a valid email, which ought to currently offer enough authentication. There is no legitimate factor for the app to strongly collect and transmit distinct gadget identifiers, IMEI numbers, SIM card details, and other non-resettable system properties.
  
  The degree of tracking observed here surpasses typical analytics practices, potentially making it possible for persistent user tracking and re-identification throughout gadgets. These behaviors, integrated with obfuscation techniques and network interaction with third-party tracking services, require a greater level of scrutiny from security scientists and users alike.
  
  The work of runtime code loading as well as the bundling of native code recommends that the app might permit the release and execution of unreviewed, from another location provided code. This is a major prospective attack vector. No proof in this report exists that from another location deployed code execution is being done, only that the facility for this appears present.
  
  Additionally, the app's method to detecting rooted gadgets appears extreme for an AI chatbot. Root detection is frequently warranted in DRM-protected streaming services, where security and material defense are vital, or in competitive video games to avoid unfaithful. However, there is no clear reasoning for such stringent measures in an application of this nature, raising more questions about its intent.
  
  Users and companies thinking about setting up DeepSeek ought to be aware of these prospective risks. If this application is being used within a business or government environment, additional vetting and security controls ought to be imposed before permitting its deployment on handled gadgets.
  
  Disclaimer: The analysis provided in this report is based on static code review and does not suggest that all discovered functions are actively utilized. Further investigation is required for definitive conclusions.