0:00

The Rabbit device has been getting a lot of

0:02

flack since it dropped. It's an AI device, of

0:04

course, that it's like its own thing. You can

0:06

go take pictures with it and ask it what

0:08

it sees. It uses AI to give you feedback.

0:10

It can answer all sorts of questions. It's supposed

0:12

to be like a personal companion. And while a

0:14

lot of people are saying, you know, it can

0:16

do everything that a smartphone can do, they're saying,

0:18

look, this is a totally unique device. It's only,

0:20

I think, like 300 bucks or 200 bucks. So

0:23

it's not like crazy expensive compared to something

0:25

like the Humane Pin. But recently, it has

0:27

been getting a ton of extra flack as

0:29

people have realized that essentially it is just

0:31

an Android phone. It's running on Android. It's

0:33

doing everything an Android phone has done. They've

0:35

cracked it. They've released an APK. There's a

0:37

ton going on that's really interesting. I'm going

0:39

to be reading a bunch of different comments

0:41

over on ex Twitter that have been going

0:43

over this. Emily Shepard kind of did a

0:46

whole round up thread on this that I

0:48

got a lot of great data from. So

0:50

shout out to Emily. But I

0:52

want to go over the whole drama because the

0:54

CEO of Rabbit has been tweeting and people have

0:56

been tweeting at him and there's tons going on

0:58

there. So it's really excited. So let's kick

1:00

this all off. So this all kind of

1:03

got started back on April 30th, Marcel put

1:05

out a tweet. He said, okay, so people

1:07

already cracked that rabbit are one and found

1:09

out it's Android. People duped the

1:12

APK and I got it working with root

1:14

and a few mods on a standard phone.

1:17

So he literally got this thing running

1:19

on a regular Android. It does all

1:21

this stuff when you shake it just

1:23

like the regular device. It lets

1:25

you ask it a question. It's doing everything that

1:27

the regular rabbit device can do. Now, there's

1:30

some really big security issues with being able to

1:32

do this and I'm going to go over them.

1:34

But I did want to say after

1:36

he tweeted that out and he showed kind of a video demo of

1:38

him using it, we got a response

1:41

from the actual team over at rabbit

1:43

and they said rabbit are

1:45

one is not an Android app. We're

1:47

aware that there are some unofficial rabbit

1:49

OS app website emulators out there rabbit

1:51

is customized for the R1 whatever whatever.

1:53

So they have this whole tweet about

1:55

how it's this is definitely not just

1:57

an app because that's kind of the

1:59

criticism. that got a lot of the time is people

2:01

were like, hey, cool device or whatever, it looks cool, it looks

2:03

fun, but like why isn't this just like an app? You know,

2:05

why do you have to sell an entire device? Why aren't you

2:08

just making an app out of this? So

2:10

their response also included a very interesting

2:12

claim that they essentially, you know, when

2:14

they're saying this is an app, they're

2:16

saying that they were using quote, and

2:18

this all comes from their Discord server,

2:21

by the way, that they were using

2:23

quote, very bestoke AOSP and lower level

2:25

firmware modifications. So yeah, anyways, Jesse

2:27

had a previous claim where he said that

2:29

this was a very heavily modified AOSP, and

2:32

AOSP means Android Open Source Project. So

2:34

essentially this is kind of like Android

2:36

without Google's code, so there's no like

2:38

Gmail or okay Google embedded into this,

2:40

but it's essentially Android. And that's kind of the

2:43

purpose of Android, it was an open source project,

2:45

so anyone can go in and kind of use

2:47

this, but you don't get all of the cool

2:49

Google features if you're just forking it and using

2:51

it open source versus actually being on the Android

2:53

ecosystem. So in any case, they're saying,

2:55

yeah, we use that, we heavily modified it, whatever, that

2:58

was kind of their thing. So

3:01

then we have Jess Liu, who is the

3:03

CEO of Rabbit, he went to X and

3:05

he kind of got mad at Mishra Rama,

3:07

who's kind of the author of

3:10

the Android Authority piece, that's an article that

3:12

was written on Android Authority. And

3:14

when they essentially said that this

3:16

is an issue and he said

3:18

quote, why that bootleg APK is

3:21

not working, try now, and you

3:23

know, pretty much like taunting him, being like, we

3:26

fixed the error, we

3:28

fixed the crack or the leak or whatever, so you won't

3:30

be able to use that APK anymore. And

3:32

I think a lot of people have

3:34

said this is kind of a bland response and it

3:36

wasn't very professional, they should

3:38

have probably acknowledged the flaw and tried to

3:41

secure their API and then moved on,

3:43

but instead, because we've kind of goading

3:45

him, you can kind of imagine

3:47

what happens next. So now everyone wants to go

3:49

and hack this APK and go use it. So

3:52

Mishra Rama then wrote another article, this

3:54

time he was kind of directly challenging

3:56

some of the claims that Rabbit was

3:58

making. includes an

4:01

uncut video that showed him installing the

4:03

R1 app onto a normal

4:05

phone and its features worked just fine

4:08

So of course this is kind of refuting

4:10

and not making them look really good Marcel

4:12

who kind of made that original video of

4:15

the the crack responded to showing that it

4:17

works again on his device, right? Because Jesse

4:20

was the CEO of rabbit was saying like

4:22

oh we fixed it We we shut down

4:24

the thing with our security and both of

4:26

them are showing like now it still works

4:28

They also said that rabbits I am checking

4:30

didn't actually work I am ei

4:32

is unique identifier for mobile

4:34

devices, right? So it's pretty not much not checking

4:37

that it's only like your account was only working

4:39

for one device Why does all of this

4:41

matter? There's a okay. There's a couple things

4:43

I'll go more into the drama about one of the

4:45

really big issues here Is that this is a device

4:47

you buy one time and it doesn't have a subscription?

4:50

but if you're hooked up to like It's

4:53

costing money to run these AI models and so people

4:55

are like how is this working? Like how are you

4:58

gonna buy and get a subscription? I'm gonna stop supporting

5:00

this at some point a contrary to like the humane

5:02

AI pin where when you're wearing the humane pin It's

5:04

like 700 bucks But then you

5:06

got to pay I can't remember like 50 bucks

5:08

or 20 bucks a month something like that to

5:10

keep getting service Which is essentially paying for the

5:12

cloud and the usage of all the different AI

5:15

models, right? So this

5:17

is interesting. We then had th e

5:19

l l31 who

5:21

demoed that the r1 app running on a

5:23

different Android device could be instructed to save

5:25

notes back to rabbit's official Backend which they

5:28

call the rabbit hole so this is also

5:30

not good because if it's it's not just

5:32

like they you know, They cracked it and

5:34

they forked it and now you can kind

5:36

of use the same technology and slap your

5:38

own White label on it you

5:41

literally can crack it and then still have

5:43

it like your new device to be saving

5:45

things onto the rabbit Backend which they're

5:47

definitely paying for so

5:50

this This is you know, obviously

5:52

a big security issue They also and

5:54

else also showed that you could use the r1

5:56

so on the r1 device It's got like this

5:59

little scroller on the on the side of the device

6:01

and they want you to use that. It

6:03

has like a screen and people have

6:05

demonstrated that it's actually fully functioning touchscreen,

6:07

AKA pretty much an Android phone, but

6:10

it's actually disabled mostly unless there's like, I think

6:12

one or two like things that you can do

6:14

that enable the touchscreen, but mostly they

6:17

want you to use this little scroll bar. Kind

6:19

of reminds me of the original iPod classics where

6:21

you had like the scroll wheel to like scroll.

6:23

They just have like a little rolling bar, like

6:25

a roller on like a mouse that you can

6:27

use to scroll. People have complained about it, but

6:29

whatever. I mean, it works, but what

6:31

people have also showed, they're like, look, you

6:33

can literally enable this on an Android TV

6:35

because it's just an Android app. And if

6:37

you have it on an Android TV with

6:39

the mouse, clicking up and down on a

6:41

mouse is the equivalent of scrolling because the

6:43

scroll wheel sends D-pad actions, just like a

6:45

TV remote keyboard or any other accessory

6:47

that you'd have. So that's really interesting.

6:50

Then we had Chromomob who is

6:52

showing that the vision feature on

6:55

the R1 app, which is

6:57

running on his phone, right? So everyone's just like turned it into

6:59

an app and is running on their phone. He

7:01

could essentially read and understand a

7:03

bunch of things from Rabbit's own

7:05

Discord server. So, you know, he's

7:07

just kind of making fun of them. It has also

7:09

been demonstrated a bunch of different times in a bunch

7:12

of different ways that the Abbott R1 does not

7:14

run on a very heavily modified or what

7:16

they say bespoke AOSP. So

7:19

kind of that was a lie if I'm being 100% honest,

7:21

right? Like they said that, but obviously

7:23

if you can just put this on an Android phone,

7:25

then it's not true. It's not running on anything custom.

7:28

I don't think anyone really cares that the

7:30

R1 is just based on Android, but I

7:32

think that people do care that the official

7:36

Rabbit CEO and the company of Rabbit are

7:38

saying that this is definitely not an app.

7:40

They're probably saying that for like investor reasons

7:42

or for, I don't know, to try and make it

7:44

seem like the big criticism is like,

7:46

why aren't you just an app? And they're like,

7:48

well, you know, we're like super different, super unique,

7:50

super custom. So, I mean, it's a

7:52

cool device in any like either way, in my

7:54

opinion, but like it's definitely a bad look, having

7:57

to lie to everyone and telling them it's something

7:59

that it's not. So I

8:01

think Rabbit right now though, regardless of this

8:03

whole PR nightmare that they might be having,

8:05

I think they actually have bigger problems on

8:07

their hands right now. And that is the

8:09

fact that if you can run the R1

8:11

on a different phone, what's to stop you

8:13

from running it on a different device entirely.

8:16

And what's to stop someone from taking the

8:18

app Rabbit R1's API in a, you know,

8:20

and putting it on a device

8:22

and slapping their own logo on it. And then

8:24

essentially making Rabbit pick up the tab for it.

8:26

Or if you are super malicious, you could run

8:28

thousands of virtual R1's in

8:31

the cloud and completely overwhelm Rabbit systems. Like it

8:33

just seems like this is a really big security

8:35

issue. All of this is theoretically possible

8:37

because while your activity is tied

8:39

to an account in the Rabbit hole, accounts

8:42

only need an email address to set up.

8:44

So email addresses are really cheap and an

8:46

attacker could make an account, make

8:48

as many accounts as they want, really. So

8:51

the problem is pretty

8:54

much unique to Rabbit because all the other

8:56

AI services are subscription based. So that means

8:58

that user accounts on these services are tied

9:00

to a payment method. And the bank has

9:02

to do like most of the heavy lifting

9:04

to verify the user's identity. Emily

9:07

recently on X was saying that

9:09

it seems pretty inconceivable that they

9:11

wouldn't have thought about any of

9:13

this before launching. Um, by

9:15

then it also seems inconceivable that their

9:17

security would be so easily bypassed twice

9:19

or that they'd, or that they

9:21

would try to prevent or pretend that their app

9:23

wasn't an app. It's obviously just

9:25

an app, right? So I think this is

9:27

interesting. This is obviously a huge mess that

9:30

Rabbit's going to have to sort out. Um,

9:32

if they, the big problem here

9:34

though, in my opinion is like, it's going to

9:36

be tricky for them to try and change their

9:38

API without completely bricking a bunch of the older

9:40

devices and it seems like this is probably something

9:43

they should have figured out before launching. But you

9:45

know, this is the one of a product. This

9:47

is kind of what happens. Um,

9:49

so yeah, very interesting. We haven't gotten

9:51

any updates in over 24 hours from Rabbit. So

9:53

I'll definitely keep you up to date if they

9:55

say anything else, but this is definitely a huge

9:58

drama, very interesting. Thank you so much for. tuning

10:00

into the podcast today. If you've learned anything, I

10:02

would really appreciate it. If you drop us a

10:04

review, leave us a comment or subscribe on YouTube

10:06

wherever you get your podcasts and I hope that

10:08

you have an amazing rest of your day.