abepulver36898/compass-sms
1
0
Code Issues Projects Packages Wiki Activity Actions
Page: Static Analysis of The DeepSeek Android App
Pages
AI App Offers a Lifeline For S.Africa's Abused Women AI Starts to Assist India's Struggling Farms Applied aI Tools As DeepSeek Upends the aI Industry, one Group is Urging Australia to Embrace The Opportunity Australia Bans DeepSeek aI Program On Government Devices Bill Gates Issues Chilling Warning about the Future Of AI Decrypt's Art, Fashion, And Entertainment Hub DeepSeek: what you Need to Learn About the Chinese Firm Disrupting the AI Landscape DeepSeek Founder Says China aI will Stop Following U.S. DeepSeek Just Insisted it's ChatGPT, and i Think that's all the Proof I Need DeepSeek R1's Implications: Winners and Losers in the Generative AI Value Chain DeepSeek-R1, at the Cusp of An Open Revolution DeepSeek aI will Reshape Business and Ethics For Nigerian Leaders Distillation with Reasoning: can DeepSeek R1 Teach Better Than Humans? EXPERT SYSTEM aND tHE FUTURE OF EDUCATION Elon Musk's Brand-new DOGE Staffer Quits Over Racist Social Network Posts Elon Musk's TIME Magazine Cover has Everybody Saying the Exact same Thing Elon Musk's TIME Magazine Cover has everyone Saying the very Same Thing Elon Musk's new DOGE Staffer Quits Over Racist Social Network Posts Elon Musk Chief Nerd's Elaborate $1,000 Troll Scam Experts Share DeepSeek Warning as it Sparks 'Lord of The Rings Race' Get Instant Access To Breaking News How an AI-written Book Shows why the Tech 'Terrifies' Creatives How is that For Flexibility? How to Capitalize The 'Magnificent 7' Tech Stocks Hugging Face Clones OpenAI's Deep Research in 24 Hours Japan pM Heads to United States For Trump Summit Japan pM Heads to uS For Trump Summit MIDAS SHARE TIPS: Bytes Technology Ready to Rebound after A Hard Year Musk's Claim against OpenAI May go to Trial In Part, Judge Says Musk Polls whether DOGE Staffer who made Racist Posts must Return OpenAI Looks across United States for Sites to Build Its Trump-backed Stargate OpenAI Looks throughout United States for Sites to Build Its Trump-backed Stargate OpenAI Announces new 'deep Research' Tool For ChatGPT OpenAI has Little Legal Recourse against DeepSeek, Tech Law Experts Say Our Brand-new Deepseek-based AI Says Our new Deepseek-based AI Says Parents Of Dead OpenAI Whistleblower Sue San Francisco, Alleging Murder Cover-Up Push to Ban DeepSeek from all US Government-owned Devices Push to Ban DeepSeek from all United States Government-owned Devices REVEALED: DOGE's Final Goal as It Launches Government Blitzkrieg Sailing-Bigger and Faster, SailGP Back where all of it Began In Sydney Schulman Left OpenAI in August 2025 Staggering Cost of Bronze Statue of Daniel Andrews In Melbourne Static Analysis of The DeepSeek Android App Superseding Indictment Charges Chinese National in Relation to Alleged Plan to Steal Proprietary AI Technology The Chinese aI Companies that Might Match DeepSeek's Impact The DeepSeek Doctrine: how Chinese aI could Shape Taiwan's Future Understanding DeepSeek R1 What Trump's Trade War Means for YOUR Investments
1 Static Analysis of The DeepSeek Android App
Abe Pulver edited this page 2025-02-10 12:48:46 +01:00


I conducted a static analysis of DeepSeek, a Chinese LLM chatbot, using version 1.8.0 from the Google Play Store. The goal was to determine prospective security and personal privacy problems.

I have actually written about DeepSeek previously here.

Additional security and personal privacy issues about DeepSeek have actually been raised.

See also this analysis by NowSecure of the iPhone version of DeepSeek

The findings detailed in this report are based purely on static analysis. This indicates that while the code exists within the app, there is no definitive proof that all of it is executed in practice. Nonetheless, the existence of such code warrants examination, particularly offered the growing issues around information privacy, monitoring, the possible misuse of AI-driven applications, and cyber-espionage dynamics between global powers.

Key Findings

Suspicious Data Handling & Exfiltration

- Hardcoded URLs direct information to external servers, raising concerns about user activity monitoring, such as to ByteDance "volce.com" endpoints. NowSecure determines these in the iPhone app the other day too. - Bespoke file encryption and data obfuscation techniques are present, with indicators that they could be utilized to exfiltrate user details.

  • The app contains hard-coded public keys, rather than counting on the user device's chain of trust.
  • UI interaction tracking catches detailed user behavior without clear permission.
  • WebView manipulation is present, which might enable the app to gain access to private external web browser information when links are opened. More details about WebView adjustments is here

    Device Fingerprinting & Tracking

    A substantial portion of the examined code appears to concentrate on event device-specific details, which can be used for tracking and fingerprinting.

    - The app collects numerous special device identifiers, consisting of UDID, Android ID, IMEI, IMSI, and provider details.
  • System properties, installed plans, and root detection systems suggest prospective anti-tampering procedures. E.g. probes for the presence of Magisk, a tool that personal privacy advocates and security scientists utilize to root their Android devices.
  • Geolocation and network profiling exist, indicating possible tracking abilities and allowing or disabling of fingerprinting regimes by area. - Hardcoded gadget model lists suggest the application might act differently depending upon the found hardware.
  • Multiple vendor-specific services are utilized to extract additional device details. E.g. if it can not identify the device through standard Android SIM lookup (because approval was not granted), it tries manufacturer particular extensions to access the very same details.

    Potential Malware-Like Behavior

    While no definitive conclusions can be drawn without dynamic analysis, a number of observed behaviors align with recognized spyware and malware patterns:

    - The app uses and UI overlays, which could assist in unauthorized screen capture or phishing attacks.
  • SIM card details, serial numbers, and other device-specific information are aggregated for unknown functions.
  • The app implements country-based gain access to constraints and "risk-device" detection, recommending possible surveillance mechanisms.
  • The app carries out calls to pack Dex modules, where additional code is filled from files with a.so extension at runtime.
  • The.so submits themselves turn around and make extra calls to dlopen(), which can be utilized to pack additional.so files. This center is not generally examined by Google Play Protect and other fixed analysis services.
  • The.so files can be executed in native code, such as C++. The usage of native code adds a layer of intricacy to the analysis procedure and obscures the full extent of the app's capabilities. Moreover, native code can be leveraged to more quickly escalate advantages, potentially making use of vulnerabilities within the operating system or gadget hardware.

    Remarks

    While information collection prevails in contemporary applications for debugging and improving user experience, aggressive fingerprinting raises significant personal privacy concerns. The DeepSeek app requires users to visit with a legitimate email, akropolistravel.com which ought to currently provide sufficient authentication. There is no legitimate reason for the app to aggressively collect and transmit distinct gadget identifiers, IMEI numbers, SIM card details, and other non-resettable system properties.

    The level of tracking observed here surpasses common analytics practices, possibly making it possible for consistent user tracking and re-identification across devices. These habits, combined with obfuscation techniques and network communication with third-party tracking services, necessitate a higher level of scrutiny from security scientists and users alike.

    The employment of runtime code loading as well as the bundling of native code suggests that the app could allow the implementation and execution of unreviewed, from another location delivered code. This is a severe prospective attack vector. No proof in this report is provided that remotely released code execution is being done, only that the facility for this appears present.

    Additionally, the app's technique to identifying rooted devices appears extreme for an AI chatbot. Root detection is typically justified in DRM-protected streaming services, where security and material defense are critical, or in competitive video games to avoid unfaithful. However, there is no clear rationale for such stringent measures in an application of this nature, raising more questions about its intent.

    Users and organizations thinking about installing DeepSeek ought to know these possible threats. If this application is being used within a business or federal government environment, extra vetting and security controls need to be imposed before permitting its deployment on managed devices.

    Disclaimer: The analysis provided in this report is based on static code review and does not indicate that all identified functions are actively utilized. Further investigation is required for conclusive conclusions.