Major Security Flaws in Perplexity AI Put User Data at Risk

As AI assistants become a central part of daily life in 2025, one popular app, Perplexity AI, has raised serious cybersecurity alarms. A recent security investigation has uncovered a range of vulnerabilities in its Android app that could put users at risk of identity theft, data breaches, and full account takeovers.

The findings, from security researchers at Appknox, reveal a series of shocking flaws within the app’s code that could leave personal information wide open to attackers. Among the most critical issues is the presence of hardcoded API keys. These keys, embedded directly into the app’s code, could be easily accessed by anyone with basic knowledge of how to decompile an Android app. Once in the wrong hands, these keys could allow unauthorized access to backend services, enabling attackers to leak or manipulate user data.

Further complicating matters, the app’s API is misconfigured to allow any website, malicious or otherwise, to send requests to the app’s backend systems, paving the way for attacks.

The security risks don’t stop there. The app does not implement SSL pinning, which means attackers positioned between the app and its servers can intercept communications, gaining access to users’ search histories, login credentials, and other personal information. The app’s bytecode is also exposed, leaving it open to reverse engineering.

Lastly, researchers found that Perplexity has no protection against debugging tools or developer exploits, allowing attackers to dissect the app’s inner workings in a controlled environment. This means that vulnerabilities can be discovered and exploited with ease.

Compared to DeepSeek, another AI platform in which Appknox reported security issues, Perplexity has more vulnerabilities overall. While both systems share certain weaknesses, Perplexity’s issues could make it a larger target for cybercriminals.

Users should remain cautious about their security, particularly when using platforms that handle sensitive information. Experts also emphasize the need for immediate action to address these glaring security flaws.