Perplexity's Android App Is Infested With Security Flaws, Report Finds
In February, Perplexity CEO and co-founder Aravind Srinivas sparked excitement among users by offering a $1 million prize to one lucky individual who downloaded the company's app, referred friends, and asked five questions during the Super Bowl. However, this tantalizing incentive belies a more alarming reality: Perplexity's Android app is riddled with security flaws that put its users at risk of data theft, account takeovers, and impersonation attacks from malicious hackers.
A report by India-based mobile security company Appknox has uncovered a host of vulnerabilities in the app, including hardcoded secrets, API keys, and other sensitive information that attackers can easily extract. With that information, attackers can create clones of the Perplexity app that trick users into believing they're interacting with the real app, enabling hackers to collect private data like login information and uploaded documents.
Perplexity's AI assistant, rolled out in January, was touted as a game-changer for Android devices, allowing users to perform tasks like booking an Uber, playing videos on YouTube, finding songs on Spotify, and making reservations all on its own. However, this promise has been overshadowed by the discovery of numerous security issues that have left experts warning of the dangers of using the app.
Security researcher and Appknox CEO Subho Halder notes that Perplexity's code contains "hardcoded secrets" – sensitive information like passwords and API keys that can be easily extracted by an attacker. This creates a perfect storm of vulnerabilities, including task hijacking, where a rogue app takes control of the phone's actions without your knowledge, allowing hackers to monitor your activity and collect data.
Halder warns that Perplexity is "a full-blown security hazard" and advises users to remove the app from their phones until the issues are resolved. He also highlights the importance of securing not just the models themselves but also the applications where people interact with them, emphasizing that AI applications are being built at breakneck speed, and many are failing on the most basic vulnerability checks.
Perplexity's troubles go beyond security flaws. The company has faced criticism for allegedly plagiarizing reporting from Forbes and redistributing it across multiple platforms through a feature called Perplexity Pages. In response to these claims, Perplexity CEO Aravind Srinivas stated that the feature had "rough edges" and was being improved with more feedback.
Perplexity has also faced funding woes: it is reportedly in talks to raise $18 billion at a valuation of $9 billion, according to Pitchdeck. However, this investment is now under threat due to the security issues surrounding its app. The company's plans to integrate its AI assistant into Samsung phones and Lenovo-owned Motorola devices are also uncertain.
In light of these findings, users would do well to exercise caution when using Perplexity's Android app. Until the security issues are resolved, it is advisable to remove the app from your phone to avoid potential data breaches and other security risks. As Halder so aptly puts it, "Perplexity is a warning sign for the broader industry – AI applications can be built with reckless abandon, putting users at risk of being exploited."