A recent security audit has exposed ten critical vulnerabilities in the Android app of Perplexity AI, a chatbot platform known for providing research-backed responses with citations. Despite its reputation for accuracy and early entry into the AI chatbot market, Perplexity’s mobile app poses serious security concerns that could put user data at risk.
The findings come from a new assessment by mobile app security firm Appknox, which revealed that Perplexity’s app contains almost twice as many flaws as DeepSeek, a Chinese chatbot previously criticized for its rushed release and weak mobile security.
Launched just after ChatGPT in late 2022, Perplexity quickly gained attention for its polished responses and citation-based search features. But researchers say the app’s security foundation doesn’t match its surface sophistication.
Perplexity AI App Shares and Exceeds DeepSeek’s Security Weaknesses
According to Appknox’s research team, the same six vulnerabilities previously found in DeepSeek were all present in Perplexity’s Android app. These include:
- Insecure network configurations, creating potential for man-in-the-middle (MITM) attacks
- Lack of SSL validation and certificate pinning (CVSS 5.9), enabling server impersonation risks
- Weak root/jailbreak detection (CVSS 6.8), making it easier for attackers to escalate privileges
- Susceptibility to StrandHogg, an old Android flaw allowing interface hijacking (CVSS 6.5)
- Exposure to CVE-2017-13156, which lets attackers modify apps without invalidating their signatures (CVSS 6.7)
- Clickjacking vulnerability (CVSS 4.8), where UI elements are manipulated to deceive users
These issues reflect systemic gaps in mobile app hardening — gaps that, if exploited, could compromise device security or expose personal data.
Unique Vulnerabilities of Perplexity AI Pose Even Bigger Threats
Beyond the shared weaknesses, Perplexity’s app was also found to contain additional flaws not seen in other chatbot apps. These include:
- Cross-Origin Resource Sharing (CORS) misconfigurations, allowing any website to interact with the app’s API
- Unobfuscated bytecode, making it easier for attackers to reverse-engineer the app
- No detection of Android Debug Bridge (ADB) or developer options, increasing susceptibility in testing environments
These flaws make the app especially vulnerable to manipulation in controlled or compromised settings, raising the risk of deeper system-level exploitation.
Critical Exposure of Hardcoded Secrets
Among the most severe issues was the discovery of hardcoded Google API keys and internal access tokens within the app. These keys were found embedded in the application code, where they could be easily extracted by anyone with basic reverse engineering skills.
If accessed, these secrets could be used to bypass authentication layers entirely, giving attackers direct access to the app’s backend APIs. This creates the potential for data leaks, integrity breaches, and complete loss of user confidentiality.
Researchers say this was the single most dangerous vulnerability found, as it could enable a range of attacks including impersonation, unauthorized access, and long-term exploitation of user sessions and services.
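Appknox has not published its tooling, so the script below is an added example (not the firm's or Perplexity's code) of the pre-release check a defender would run for this class of finding: scanning an unpacked APK for embedded Google API keys and hardcoded tokens. It assumes the APK has already been unpacked into a directory (for instance with apktool); the "AIza" prefix and 39-character length of Google API keys are real, while the sample key and token are constructed.

```python
"""Scan an unpacked Android app for hardcoded secrets (added example)."""
from __future__ import annotations
import re
from pathlib import Path

# Google API keys are 39 characters beginning with "AIza". The token rule is a
# heuristic for values that follow a secret-looking name (assumption; tune per app).
PATTERNS = {
    "google_api_key": re.compile(
        r"(?<![0-9A-Za-z_-])AIza[0-9A-Za-z_-]{35}(?![0-9A-Za-z_-])"),
    "hardcoded_token": re.compile(
        r"(?i)(api[_-]?key|access[_-]?token|secret)\W{1,4}([A-Za-z0-9._-]{16,})"),
}
SCAN_SUFFIXES = {".smali", ".xml", ".json", ".properties", ".java", ".kt"}


def find_secrets(text: str) -> list[tuple[str, str]]:
    """Return (kind, value) pairs for every secret-like string in text."""
    hits = []
    for kind, rx in PATTERNS.items():
        for m in rx.finditer(text):
            hits.append((kind, m.group(m.lastindex or 0)))  # last group = value
    return hits


def scan_files(files: dict[str, str]) -> dict[str, list[tuple[str, str]]]:
    """Map each file name to its findings; an empty dict means nothing flagged."""
    report = {}
    for name, text in files.items():
        if Path(name).suffix in SCAN_SUFFIXES:
            hits = find_secrets(text)
            if hits:
                report[name] = hits
    return report


def scan_tree(root: Path) -> dict[str, list[tuple[str, str]]]:
    """Read every file under an unpacked APK directory and scan it."""
    return scan_files({str(p.relative_to(root)): p.read_text(errors="ignore")
                       for p in root.rglob("*") if p.is_file()})


# Constructed sample of decompiled output; the key and token are made up.
SAMPLE_TREE = {
    "smali/com/example/Config.smali":
        'const-string v0, "AIzaSyA_CONSTRUCTED_EXAMPLE_KEY_0123456"\n',
    "res/values/strings.xml":
        '<string name="access_token">constructed_internal_token_123456</string>\n',
    "res/values/colors.xml": '<color name="bg">#FFFFFF</color>\n',
}

if __name__ == "__main__":
    import sys
    report = scan_tree(Path(sys.argv[1])) if len(sys.argv) > 1 else scan_files(SAMPLE_TREE)
    for name, hits in report.items():
        for kind, value in hits:
            print(f"{name}: {kind} {value[:8]}...")  # never echo the full secret
```

Run it against a directory to scan a real unpacked build, or with no argument to see the constructed sample flagged; a CI job that fails on a non-empty report catches this before the APK ships.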
Recommendation: Uninstall Until Patched
Appknox recommends that users uninstall the Perplexity Android app immediately until a patch is released. Given the ease of exploitation and severity of the issues uncovered, the app currently poses a high security risk to users.
The findings also serve as a broader warning: many AI-focused companies are prioritizing language model innovation over basic app security. In the rush to bring products to market, critical vulnerabilities are being overlooked, leaving users exposed.
As AI chatbots continue to gain traction in both consumer and enterprise use, secure app development must catch up. For now, users should avoid the Perplexity Android app and remain cautious with similar tools until clear security assurances are in place.