Perplexity’s Android App Is Infested With Security Flaws, Report Finds

In a bold marketing move, Perplexity opted to forgo a traditional Super Bowl advertisement in favor of its own promotional campaign. The company announced that it would award million to one fortunate user who downloads its app, refers friends, and asks the app five questions during the game. The initiative, dubbed “Ask like a millionaire,” aims to attract a wider audience and boost user engagement.

Security Concerns Surface

This push, however, comes as Perplexity’s Android app faces significant scrutiny over a series of security vulnerabilities. A recent report from Appknox, a mobile security firm based in India, describes critical issues that could expose users to data theft, account takeover, and impersonation attacks. Alarmingly, the report also indicates that the app’s backend API can be accessed without restriction, potentially jeopardizing the company’s revenue stream.

Subho Halder, CEO of Appknox, pointed out that the app’s code contains “hardcoded secrets”: sensitive values such as passwords and API keys embedded directly in the shipped app package, where anyone who unpacks and decompiles the APK can read them. With those keys in hand, an attacker can build a convincing clone of the app and trick users into installing it. Such a clone could harvest private data, including login credentials and uploaded documents, a serious risk to user privacy.
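The check Halder describes can be reproduced on any APK: unpack it (for example with apktool), then search the decoded resources and smali for key-shaped strings. The script below is an added example written for this page, not Appknox’s tooling and not code from Perplexity’s app. Its input is a constructed stand-in for a few decoded lines, and every key-looking value in it is made up; the two known-format patterns are the public AWS and Google key shapes, and the entropy threshold is a tuning assumption.

```python
"""Flag hardcoded secrets in text pulled out of a decoded APK.

Added example, not Appknox's tooling or code from Perplexity's app.  The input
below is a constructed stand-in for a handful of lines from `apktool d app.apk`
(strings.xml, smali const-strings, a static field); every key-shaped value is
made up.
"""
import math
import re
from collections import Counter

SAMPLE_DECODED = """\
<string name="app_name">ExampleAssistant</string>
<string name="api_base">https://api.example.com/v1</string>
const-string v0, "AKIAEXAMPLE0000ABCD1"
const-string v1, "sk-live-9f8e7d6c5b4a39281706f5e4d3c2b1a0"
const-string v2, "Loading, please wait..."
.field public static final API_KEY:Ljava/lang/String; = "ZmFrZS1zZWNyZXQtZm9yLWRlbW8tb25seQ=="
const-string v3, "https://api.example.com/v1/complete?stream=true"
"""

# Known key formats: fixed prefixes, so they produce very few false positives.
KNOWN_PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "google_api_key": re.compile(r"\bAIza[0-9A-Za-z_-]{35}\b"),
}
# Any quoted run of 20+ non-space characters is a candidate for the entropy rule,
# but only if the whole value looks like an opaque token (hex, base64, prefixed
# key) rather than a URL or a sentence.
QUOTED = re.compile(r'"([^"\s]{20,})"')
TOKEN = re.compile(r"[A-Za-z0-9+/=_-]{20,}")


def shannon_entropy(s):
    """Bits of entropy per character; random keys score well above prose."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def scan(text, entropy_threshold=3.5):
    """Return (line_number, rule, value) for each suspected secret."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        already = set()
        for rule, pattern in KNOWN_PATTERNS.items():
            for m in pattern.finditer(line):
                findings.append((lineno, rule, m.group(0)))
                already.add(m.group(0))
        for m in QUOTED.finditer(line):
            value = m.group(1)
            if value in already or not TOKEN.fullmatch(value):
                continue
            if shannon_entropy(value) >= entropy_threshold:
                findings.append((lineno, "high_entropy_string", value))
    return findings


if __name__ == "__main__":
    for lineno, rule, value in scan(SAMPLE_DECODED):
        print(f"line {lineno}: {rule}: {value}")
```

The fixed-prefix patterns are the reliable part; the entropy rule is what catches long random tokens with no recognizable prefix, but it also mistakes some legitimate opaque strings (hashes, base64-encoded assets) for secrets, so treat its hits as leads to confirm in the decompiled code rather than as findings on their own.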

Perplexity launched its AI assistant for Android devices in January, promoting its ability to perform various tasks autonomously, such as booking rides and playing music. Yet, as the company seeks to expand its user base—reportedly in discussions to secure funding at an billion valuation—the timing of these security revelations raises concerns. The company is exploring partnerships with major smartphone manufacturers like Samsung and has already reached an agreement with Motorola to integrate its AI assistant into their devices.

In addition to these vulnerabilities, the app is also susceptible to “task hijacking.” In this attack, a rogue app already installed on the device inserts its own screen into the legitimate app’s task, so the user sees and types into the attacker’s screen while believing it is Perplexity, and anything entered there is captured without their knowledge. For instance, if a user is entering a search query in Amazon while using Perplexity, a malicious app could gain unauthorized access to that information. Separately, Halder cautioned that users on unsecured networks, such as public Wi-Fi hotspots, are particularly at risk, as their interactions with the app could be intercepted in transit.
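Both risks above map to settings in the app’s AndroidManifest.xml that can be checked before release: an activity whose task affinity is left at the default (the package name) can be joined by any app that declares the same affinity, and an application that permits cleartext traffic or declares no network security config leaves its transport policy to defaults. The linter below is an added example written for this page, not Appknox’s scanner and not Perplexity’s manifest; both manifests are constructed, the package and activity names are placeholders, and the `@xml/network_security_config` resource the hardened manifest references is assumed to exist and to pin certificates and forbid cleartext.

```python
"""Lint an AndroidManifest.xml for settings that enable task hijacking and
on-path interception.  Added example with constructed manifests and
placeholder names; not Appknox's scanner or Perplexity's manifest.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"


def android_attr(elem, name, default=None):
    """Read an android:-namespaced attribute (ElementTree keys it by full URI)."""
    return elem.get(f"{{{ANDROID_NS}}}{name}", default)


# Constructed weak manifest: activities keep the default taskAffinity,
# cleartext HTTP is allowed, and no network security config is declared.
WEAK_MANIFEST = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.assistant">
    <application android:label="Assistant" android:usesCleartextTraffic="true">
        <activity android:name=".MainActivity" android:exported="true">
            <intent-filter>
                <action android:name="android.intent.action.MAIN" />
                <category android:name="android.intent.category.LAUNCHER" />
            </intent-filter>
        </activity>
        <activity android:name=".LoginActivity" />
    </application>
</manifest>
"""

# Constructed hardened manifest: every activity opts out of task sharing with
# taskAffinity="", and transport policy is delegated to the (assumed) resource
# @xml/network_security_config, which should pin certificates and forbid cleartext.
HARDENED_MANIFEST = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.assistant">
    <application android:label="Assistant"
        android:networkSecurityConfig="@xml/network_security_config">
        <activity android:name=".MainActivity" android:exported="true"
            android:taskAffinity="">
            <intent-filter>
                <action android:name="android.intent.action.MAIN" />
                <category android:name="android.intent.category.LAUNCHER" />
            </intent-filter>
        </activity>
        <activity android:name=".LoginActivity" android:exported="false"
            android:taskAffinity="" />
    </application>
</manifest>
"""


def lint_manifest(xml_text):
    """Return human-readable findings; an empty list means the checks passed."""
    root = ET.fromstring(xml_text)
    app = root.find("application")
    findings = []

    if android_attr(app, "usesCleartextTraffic") == "true":
        findings.append('application: usesCleartextTraffic="true" permits plain HTTP, '
                        "readable and modifiable by anyone on the same Wi-Fi")
    if android_attr(app, "networkSecurityConfig") is None:
        findings.append("application: no networkSecurityConfig, so no certificate "
                        "pinning and no explicit cleartext policy is declared")

    for activity in app.iter("activity"):
        name = android_attr(activity, "name")
        # taskAffinity defaults to the package name.  A malicious app that sets
        # the same affinity can push its own activity onto this app's task and
        # appear as the next screen the user sees; "" opts the activity out.
        if android_attr(activity, "taskAffinity") != "":
            findings.append(f'activity {name}: taskAffinity is not "", so another '
                            "app can place its own activity in this app's task")
    return findings


if __name__ == "__main__":
    for label, manifest in (("weak", WEAK_MANIFEST), ("hardened", HARDENED_MANIFEST)):
        print(f"{label}: {len(lint_manifest(manifest))} finding(s)")
        for finding in lint_manifest(manifest):
            print("  -", finding)
```

Setting `taskAffinity=""` stops another app from joining the task; it does not stop a rogue app from drawing over the screen by other means, so it is one layer rather than a complete fix. The network check only confirms that a policy is declared; the pinning and cleartext rules live in the referenced resource, which this linter does not open.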

Founded in 2022, Perplexity initially gained attention for its conversational AI search engine, which utilizes a combination of large language models from OpenAI, Anthropic, and Meta to generate summaries and provide information from across the web. The company has successfully raised 0 million in venture capital from prominent investors, including Jeff Bezos and Andrej Karpathy, and currently holds a valuation of billion, with over 10 million downloads on Google Play.

Despite its rapid growth, Perplexity has faced criticism from media outlets, including Forbes, for allegedly plagiarizing content and redistributing it through a feature known as Perplexity Pages. In response to a cease-and-desist letter from Forbes regarding copyright infringement, Perplexity maintained that the claims were unfounded, arguing that factual information is not subject to copyright protection.

As the AI landscape continues to evolve, safety and security remain paramount. Halder emphasized that while much attention goes to the accuracy and bias of AI models, securing the applications through which users interact with them is equally critical. He advises users to consider removing the Perplexity app from their devices until the identified issues are adequately addressed, underscoring the need for robust security practices in rapidly developed AI applications.

AppWizard