Perplexity faces backlash over security flaws in its Android app
- Perplexity's Android app contains 10 critical vulnerabilities that could lead to user data theft.
- The app’s code has hardcoded secrets that attackers can exploit to create clones.
- Experts are advising users to uninstall the app until security issues are addressed.
In February 2025, Perplexity, an AI search startup based in the United States, launched its Android app, designed to function as both a search tool and an AI assistant. Soon after its release, however, the app was found to harbor significant security issues, as highlighted in a report by Appknox, a mobile security firm based in India. The vulnerabilities were serious enough that they could lead to data theft, account takeover, and impersonation by hackers. One critical flaw even allows free access to Perplexity's API, which poses a risk of revenue loss for the company.
The research, conducted by Subho Halder, the CEO of Appknox, detailed specific risks associated with the app. Notably, the app's code contained hardcoded secrets: sensitive information such as passwords and API keys. Attackers can extract these secrets and use them to create malicious clones of the app. A clone can mislead users into thinking they are interacting with the legitimate app while their private information, including account details and uploaded documents, is exposed to theft.
Perplexity's app initially garnered popularity, accumulating over 10 million downloads on Google Play. However, the negative coverage of its security flaws poses a threat to its reputation, especially as the company seeks further investment.
The app's vulnerabilities also allow for potential network-based attacks, particularly when the device is connected to unsecured networks, such as those found in public places like airports. In these situations, users are particularly vulnerable to having their conversations intercepted and personal data stolen.
Following the discovery of these flaws, Subho Halder recommended that users uninstall the app until the security issues are rectified. This advice comes at a time when AI applications are being developed rapidly, often overlooking essential security standards.
Perplexity's challenges underscore the pressing need for security measures in the technology space, particularly as AI and interconnected applications become increasingly prevalent in everyday life.