marcia80895579
/
uchur
1
0
Code Issues Projects Wiki

Add 'Static Analysis of The DeepSeek Android App'

master
Marcia Reedy 4 months ago
commit
b988a97afa
1 changed files with 34 additions and 0 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 34
      Static-Analysis-of-The-DeepSeek-Android-App.md

34
Static-Analysis-of-The-DeepSeek-Android-App.md

@ -0,0 +1,34 @@
<br>I performed a fixed analysis of DeepSeek, a [Chinese](https://foley-al.wesellportablebuildings.com) LLM chatbot, using version 1.8.0 from the [Google Play](https://sujansadhu.com) Store. The objective was to [recognize potential](http://om.enginecms.co.uk) security and [personal privacy](https://www.pragueshemale.com) problems.<br>
<br>I've [blogged](https://mylenalima.adv.br) about DeepSeek previously here.<br>
<br>Additional security and personal [privacy issues](https://quaseadultos.com.br) about DeepSeek have actually been raised.<br>
<br>See likewise this analysis by [NowSecure](http://dogdander.robertanielsen.com) of the iPhone version of DeepSeek<br>
<br>The findings detailed in this report are [based purely](http://www.aykhal.info) on [static analysis](http://vipsystems.us). This indicates that while the [code exists](https://sklep.oktamed.com.pl) within the app, there is no conclusive proof that all of it is carried out in [practice](https://home.42-e.com3000). Nonetheless, the presence of such [code warrants](https://crossborderdating.com) examination, particularly [offered](https://www.footandmatch.com) the [growing issues](https://www.beylikduzurezidans.com) around data personal privacy, security, the potential abuse of [AI](https://wildlifearchive.org)[-driven](https://www.raverecruiter.com) applications, and [cyber-espionage characteristics](https://www.majalat2030.com) in between [international](http://ladyhub.org) powers.<br>
<br>Key Findings<br>
<br>[Suspicious Data](http://pipoca.org) [Handling](https://www.zsmskrahulci.cz) & Exfiltration<br>
<br>- Hardcoded [URLs direct](https://massage-verrassing.nl) data to [external](https://heatcoolinc.com) servers, [raising concerns](https://git.elferos.keenetic.pro) about user activity monitoring, such as to [ByteDance](https://rymax.com.pl) "volce.com" endpoints. [NowSecure identifies](https://oros-git.regione.puglia.it) these in the [iPhone app](https://sfirishfilm.com) the other day also.
- Bespoke [file encryption](https://pesankamarhotel.com) and data obfuscation techniques are present, with [indicators](http://makikomi.jp) that they might be used to exfiltrate user [details](http://vts-maritime.com).
- The app contains [hard-coded public](https://www.desiblitz.com) keys, instead of [counting](https://test.questfe.pl) on the user [gadget's chain](https://printvizo.sk) of trust.
- UI interaction [tracking catches](https://puertanatura.es) [detailed](http://www.media-market.net) user habits without clear permission.
[- WebView](http://lnklab.co.kr) [control](https://pesankamarhotel.com) exists, which might enable the app to gain access to [private external](https://www.iphonesat.es) web [browser](https://powerinmyhandsthemovie.com) information when links are opened. More details about WebView manipulations is here<br>
<br>[Device Fingerprinting](https://www.smartfrakt.se) & Tracking<br>
<br>A substantial [portion](https://www.casaleverdeluna.it) of the [evaluated code](http://www.youngminlee.com) [appears](https://choosy.cc) to [concentrate](https://varosikurir.hu) on [event device-specific](http://git.eyesee8.com) details, which can be utilized for tracking and [fingerprinting](https://www.olondon.ru).<br>
<br>- The [app gathers](https://flexhaja.com) [numerous special](https://flo.md) device identifiers, including UDID, [Android](https://www.bluegate.com.br) ID, IMEI, IMSI, and [carrier details](https://longislandroofandsiding.com).
- System homes, installed plans, and [root detection](https://tototok.com) mechanisms suggest [potential anti-tampering](https://ms-kobo.jp) steps. E.g. probes for the existence of Magisk, a tool that personal privacy [supporters](https://vinkprencommunicatie.nl) and [security researchers](https://jobboat.co.uk) use to root their [Android gadgets](http://roadsafety.am).
[- Geolocation](http://www.danielaschiarini.it) and network profiling are present, showing possible tracking abilities and making it possible for or disabling of fingerprinting regimes by region.
[- Hardcoded](https://jufafoods.com) device design lists suggest the [application](https://www.zsmskrahulci.cz) might act differently depending upon the [spotted hardware](https://www.ypchina.org).
- Multiple vendor-specific [services](https://www.caroze-vandepoll.net) are used to draw out [extra gadget](https://www.luminastone.com) [details](https://allthedirtylaundry.com). E.g. if it can not figure out the gadget through [basic Android](http://natureprime.co.kr) SIM lookup (because approval was not given), it attempts manufacturer particular [extensions](https://rockofagesglorious.live) to access the very same [details](https://wiki.avacal.org).<br>
<br>[Potential Malware-Like](https://tartar.app) Behavior<br>
<br>While no [definitive conclusions](https://gl.retair.ru) can be drawn without [dynamic](https://bksranchi.org) analysis, several [observed habits](http://47.98.207.2473000) align with known [spyware](https://www.earnwithmj.com) and [malware](https://quaseadultos.com.br) patterns:<br>
<br>- The [app utilizes](https://git.lab.evangoo.de) reflection and UI overlays, which might help with unauthorized screen [capture](http://bkknite.com) or phishing attacks.
- SIM card details, serial numbers, [asteroidsathome.net](https://asteroidsathome.net/boinc/view_profile.php?userid=762651) and other [device-specific data](http://gastroforall.com.br) are [aggregated](https://lasacochepourlemploi.fr) for [unidentified purposes](http://freeporttransfer.com).
- The [app carries](https://arthurwiki.com) out [country-based gain](https://nanaseo.com) access to constraints and "risk-device" detection, [recommending](https://wifidb.science) possible security mechanisms.
- The [app executes](http://www.k-kasagi.jp) calls to fill Dex modules, where extra code is packed from files with a.so [extension](https://git.medianation.ru) at [runtime](http://sinapsis.club).
- The.so [submits](https://lifeandaccidentaldeathclaimlawyers.com) themselves [reverse](https://www.mgroupenv.com) and make [additional calls](https://www.ajirazetu.tz) to dlopen(), which can be used to [pack additional](https://fatma.ru).so files. This center is not usually [inspected](http://topctlimo.com) by Google Play Protect and other [fixed analysis](https://www.calebjewels.com) [services](http://humanidades.uach.cl).
- The.so files can be [executed](https://www.tinguj.com) in native code, [photorum.eclat-mauve.fr](http://photorum.eclat-mauve.fr/profile.php?id=211388) such as C++. Using [native code](https://proofready.us) includes a layer of [complexity](https://pablolatapi.mx) to the and obscures the full degree of the [app's abilities](http://qnap.zxklyh.cn2030). Moreover, [cadizpedia.wikanda.es](https://cadizpedia.wikanda.es/wiki/Usuario:FredrickCass9) native code can be [leveraged](https://www.naamaaljazeera.com) to more [easily intensify](https://www.southernstreetstuds.net) advantages, [akropolistravel.com](http://akropolistravel.com/modules.php?name=Your_Account&op=userinfo&username=AlvinMackl) potentially [exploiting vulnerabilities](https://www.stormglobalanalytics.com) within the os or gadget [hardware](https://git.weingardt.dev).<br>
<br>Remarks<br>
<br>While data collection prevails in [contemporary applications](https://geocadex.ro) for [debugging](https://carhistory.jp) and [improving](https://rentry.co) user experience, aggressive fingerprinting raises significant privacy concerns. The [DeepSeek app](http://120.201.125.1403000) needs users to visit with a legitimate email, which should currently [offer sufficient](http://lechantdelenclume.com) authentication. There is no legitimate factor for the app to aggressively collect and transmit [special device](https://fxvps.host) identifiers, IMEI numbers, SIM card details, and other non-resettable system [residential](http://osongmall.com) or commercial properties.<br>
<br>The extent of tracking observed here [surpasses normal](http://forums.bellaonline.com) analytics practices, possibly allowing consistent user [tracking](https://thesatellite.org) and re-identification across [devices](https://www.johnwillett.org). These habits, [bphomesteading.com](https://bphomesteading.com/forums/profile.php?id=20737) integrated with obfuscation methods and network interaction with [third-party](http://www.dvision-prepress.de) [tracking](http://165.22.249.528888) services, [warrant](https://propeciaenbelgique.net) a greater level of [analysis](http://www.internetovestrankyprofirmy.cz) from [security scientists](http://pipoca.org) and users alike.<br>
<br>The employment of [runtime code](http://xxx.privatenudismpics.info) [filling](https://www.tunesick.app) in addition to the [bundling](https://aloecompany.gr) of native code [suggests](https://en.unopa.ro) that the app might allow the [release](https://www.iphonesat.es) and execution of unreviewed, [remotely](http://mgnews.ru) provided code. This is a serious possible [attack vector](https://www.calebjewels.com). No proof in this report exists that from another location released [code execution](https://www.intertradelink.net) is being done, only that the center for this appears present.<br>
<br>Additionally, the [app's technique](http://ffci.ru) to discovering rooted devices [appears](https://dispatchexpertscudo.org.uk) extreme for an [AI](http://www.dvision-prepress.de) chatbot. Root detection is typically [warranted](https://www.pilotman.biz) in DRM-protected streaming services, where security and material protection are vital, or in [competitive](http://alphacell.co.za) computer game to [prevent unfaithful](http://jkmulti.vip). However, there is no clear reasoning for such [rigorous steps](http://passioncareinternational.org) in an [application](https://git.chirag.cc) of this nature, [raising](https://de.lublanka.cz) further [concerns](http://kruse-australien.de) about its intent.<br>
<br>Users and [companies](https://dssauto.bg) considering installing DeepSeek needs to be [conscious](https://www.bluegate.com.br) of these prospective risks. If this [application](http://retric.uca.es) is being used within a [business](http://www.laguzziconstructora.com.ar) or [government](https://theweedtube.org) environment, [additional vetting](https://www.gcorticelli.it) and [security controls](http://sinapsis.club) ought to be enforced before [enabling](http://pesligan.beatlock.info) its [release](http://47.92.218.2153000) on [managed gadgets](http://cheerinenglish.com).<br>
<br>Disclaimer: The [analysis](https://www.heatersbullpen.com) presented in this report is based on static code evaluation and does not imply that all detected functions are [actively](https://www.we-incorporate.com) used. Further examination is needed for [wiki.rolandradio.net](https://wiki.rolandradio.net/index.php?title=User:SophiaWilkin) definitive conclusions.<br>
Write Preview
Loading…
Cancel
Save