Security researchers from Appknox have found 10 serious vulnerabilities in the Android application of the Perplexity AI chatbot. The flaws — some of which are shared with other AI chatbots — prompted the researchers to urge users to uninstall the app until fixes are implemented.
Researchers Uncover 10 Security Flaws in Perplexity AI Chatbot
Appknox found twice as many security flaws in their earlier assessment of DeepSeek, a Chinese chatbot which is often criticized for its rapid development and poor security hygiene. In February 2025, researchers had identified six vulnerabilities in DeepSeek. Alarmingly, all six were also found in Perplexity.
These shared vulnerabilities are:
- Insecure network configurations, increasing the risk of man-in-the-middle or other network-based attacks.
- Lack of SSL validation or certificate pinning (CVSS 5.9), enabling impersonation of servers.
- Weak root or jailbreak detection mechanisms (CVSS 6.8), leaving the app exposed to privilege escalation.
- Vulnerability to clickjacking attacks (CVSS 4.8), where user interface tricks could lead to unintended actions.
- Susceptibility to CVE-2017-13156, a dated but still potent flaw that enables attackers to modify apps without breaking their digital signatures (CVSS 6.7).
- Exposure to “StrandHogg”, a well-known Android vulnerability allowing malicious apps to hijack legitimate app sessions (CVSS 6.5).
The vulnerabilities that are specific to Perplexity's Android app:
- Lack of bytecode obfuscation, making it easier for attackers to reverse-engineer the app.
- Absence of detections for ADB (Android Debug Bridge) and developer options, giving attackers more room to manipulate the app in testing environments.
- Hardcoded sensitive information, including Google API keys and access tokens, found directly within the app’s code.
- CORS misconfigurations in API responses, potentially allowing any website to interact with Perplexity’s backend.
The researchers warned that an attacker could obtain the API keys and access tokens used by the Perplexity team. Together, the above vulnerabilities could compromise user data and allow manipulation of the entire backend.
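As an added illustration of the CORS finding listed above (this is not Appknox's tooling or code from Perplexity), the following Python check classifies the CORS headers of an API response, run here over constructed sample responses; the origin and header values are assumptions made for the example.

```python
"""Audit CORS response headers for the misconfiguration class described above.

Constructed example. A backend that reflects any Origin (or allows "null")
while also sending Access-Control-Allow-Credentials: true lets an arbitrary
website issue authenticated requests on a logged-in user's behalf.
"""
from dataclasses import dataclass


@dataclass
class CorsVerdict:
    severity: str  # "high", "medium", "low" or "none"
    reason: str


def audit_cors(request_origin: str, headers: dict[str, str]) -> CorsVerdict:
    """Classify one response given the Origin that was sent and the headers returned."""
    # Header names are case-insensitive; normalise them once.
    h = {k.lower(): v.strip() for k, v in headers.items()}
    acao = h.get("access-control-allow-origin")
    creds = h.get("access-control-allow-credentials", "").lower() == "true"
    if acao is None:
        return CorsVerdict("none", "no CORS header; browsers block cross-origin reads")
    if acao == "*":
        # Browsers refuse credentialed requests to "*", so only public data is exposed.
        return CorsVerdict("low", "wildcard origin (credentials cannot be sent)")
    if acao == request_origin or acao == "null":
        # The untrusted origin we supplied (or the sandbox origin "null") was allowed.
        if creds:
            return CorsVerdict("high", f"origin {acao!r} allowed with credentials")
        return CorsVerdict("medium", f"origin {acao!r} allowed without credentials")
    return CorsVerdict("none", f"allow-listed origin {acao!r} did not match")


# Constructed sample responses, as if probed from an untrusted test origin.
UNTRUSTED_ORIGIN = "https://untrusted.example"
SAMPLES = {
    "reflected_with_creds": {"Access-Control-Allow-Origin": UNTRUSTED_ORIGIN,
                             "Access-Control-Allow-Credentials": "true"},
    "null_with_creds": {"Access-Control-Allow-Origin": "null",
                        "Access-Control-Allow-Credentials": "true"},
    "wildcard": {"Access-Control-Allow-Origin": "*"},
    "strict": {"Access-Control-Allow-Origin": "https://app.example",
               "Access-Control-Allow-Credentials": "true"},
}


def audit_all(samples=SAMPLES, origin=UNTRUSTED_ORIGIN) -> dict[str, str]:
    """Return the severity assigned to each sample response."""
    return {name: audit_cors(origin, hdrs).severity for name, hdrs in samples.items()}


if __name__ == "__main__":
    for name, severity in audit_all().items():
        print(f"{name:24} {severity}")
```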
Conclusion
Because proof-of-concept exploits and public documentation for nearly all of the identified vulnerabilities are available on the internet, these vulnerabilities could be exploited by anyone. Nation-state actors, particularly amid the intensifying AI race between the U.S. and China, could seize on this low-hanging fruit to gain strategic advantage or access sensitive information.
Because the Perplexity chatbot app is used by individuals and organizations that handle confidential data, the implications of such security oversights are devastating. Until these flaws are fixed, the app poses a significant threat to user privacy.
Source: hxxps[://]www[.]darkreading[.]com/application-security/11-bugs-found-perplexity-chatbots-android-app
