Episode Transcript
Transcripts are displayed as originally observed. Some content, including advertisements may have changed.
Use Ctrl + F to search
0:00
The Rabbit device has been getting a lot of
0:02
flack since it dropped. It's an AI device, of
0:04
course, that it's like its own thing. You can
0:06
go take pictures with it and ask it what
0:08
it sees. It uses AI to give you feedback.
0:10
It can answer all sorts of questions. It's supposed
0:12
to be like a personal companion. And while a
0:14
lot of people are saying, you know, it can
0:16
do everything that a smartphone can do, they're saying,
0:18
look, this is a totally unique device. It's only,
0:20
I think, like 300 bucks or 200 bucks. So
0:23
it's not like crazy expensive compared to something
0:25
like the Humane Pin. But recently, it has
0:27
been getting a ton of extra flack as
0:29
people have realized that essentially it is just
0:31
an Android phone. It's running on Android. It's
0:33
doing everything an Android phone has done. They've
0:35
cracked it. They've released an APK. There's a
0:37
ton going on that's really interesting. I'm going
0:39
to be reading a bunch of different comments
0:41
over on ex Twitter that have been going
0:43
over this. Emily Shepard kind of did a
0:46
whole round up thread on this that I
0:48
got a lot of great data from. So
0:50
shout out to Emily. But I
0:52
want to go over the whole drama because the
0:54
CEO of Rabbit has been tweeting and people have
0:56
been tweeting at him and there's tons going on
0:58
there. So it's really excited. So let's kick
1:00
this all off. So this all kind of
1:03
got started back on April 30th, Marcel put
1:05
out a tweet. He said, okay, so people
1:07
already cracked that rabbit are one and found
1:09
out it's Android. People duped the
1:12
APK and I got it working with root
1:14
and a few mods on a standard phone.
1:17
So he literally got this thing running
1:19
on a regular Android. It does all
1:21
this stuff when you shake it just
1:23
like the regular device. It lets
1:25
you ask it a question. It's doing everything that
1:27
the regular rabbit device can do. Now, there's
1:30
some really big security issues with being able to
1:32
do this and I'm going to go over them.
1:34
But I did want to say after
1:36
he tweeted that out and he showed kind of a video demo of
1:38
him using it, we got a response
1:41
from the actual team over at rabbit
1:43
and they said rabbit are
1:45
one is not an Android app. We're
1:47
aware that there are some unofficial rabbit
1:49
OS app website emulators out there rabbit
1:51
is customized for the R1 whatever whatever.
1:53
So they have this whole tweet about
1:55
how it's this is definitely not just
1:57
an app because that's kind of the
1:59
criticism. that got a lot of the time is people
2:01
were like, hey, cool device or whatever, it looks cool, it looks
2:03
fun, but like why isn't this just like an app? You know,
2:05
why do you have to sell an entire device? Why aren't you
2:08
just making an app out of this? So
2:10
their response also included a very interesting
2:12
claim that they essentially, you know, when
2:14
they're saying this is an app, they're
2:16
saying that they were using quote, and
2:18
this all comes from their Discord server,
2:21
by the way, that they were using
2:23
quote, very bestoke AOSP and lower level
2:25
firmware modifications. So yeah, anyways, Jesse
2:27
had a previous claim where he said that
2:29
this was a very heavily modified AOSP, and
2:32
AOSP means Android Open Source Project. So
2:34
essentially this is kind of like Android
2:36
without Google's code, so there's no like
2:38
Gmail or okay Google embedded into this,
2:40
but it's essentially Android. And that's kind of the
2:43
purpose of Android, it was an open source project,
2:45
so anyone can go in and kind of use
2:47
this, but you don't get all of the cool
2:49
Google features if you're just forking it and using
2:51
it open source versus actually being on the Android
2:53
ecosystem. So in any case, they're saying,
2:55
yeah, we use that, we heavily modified it, whatever, that
2:58
was kind of their thing. So
3:01
then we have Jess Liu, who is the
3:03
CEO of Rabbit, he went to X and
3:05
he kind of got mad at Mishra Rama,
3:07
who's kind of the author of
3:10
the Android Authority piece, that's an article that
3:12
was written on Android Authority. And
3:14
when they essentially said that this
3:16
is an issue and he said
3:18
quote, why that bootleg APK is
3:21
not working, try now, and you
3:23
know, pretty much like taunting him, being like, we
3:26
fixed the error, we
3:28
fixed the crack or the leak or whatever, so you won't
3:30
be able to use that APK anymore. And
3:32
I think a lot of people have
3:34
said this is kind of a bland response and it
3:36
wasn't very professional, they should
3:38
have probably acknowledged the flaw and tried to
3:41
secure their API and then moved on,
3:43
but instead, because we've kind of goading
3:45
him, you can kind of imagine
3:47
what happens next. So now everyone wants to go
3:49
and hack this APK and go use it. So
3:52
Mishra Rama then wrote another article, this
3:54
time he was kind of directly challenging
3:56
some of the claims that Rabbit was
3:58
making. includes an
4:01
uncut video that showed him installing the
4:03
R1 app onto a normal
4:05
phone and its features worked just fine
4:08
So of course this is kind of refuting
4:10
and not making them look really good Marcel
4:12
who kind of made that original video of
4:15
the the crack responded to showing that it
4:17
works again on his device, right? Because Jesse
4:20
was the CEO of rabbit was saying like
4:22
oh we fixed it We we shut down
4:24
the thing with our security and both of
4:26
them are showing like now it still works
4:28
They also said that rabbits I am checking
4:30
didn't actually work I am ei
4:32
is unique identifier for mobile
4:34
devices, right? So it's pretty not much not checking
4:37
that it's only like your account was only working
4:39
for one device Why does all of this
4:41
matter? There's a okay. There's a couple things
4:43
I'll go more into the drama about one of the
4:45
really big issues here Is that this is a device
4:47
you buy one time and it doesn't have a subscription?
4:50
but if you're hooked up to like It's
4:53
costing money to run these AI models and so people
4:55
are like how is this working? Like how are you
4:58
gonna buy and get a subscription? I'm gonna stop supporting
5:00
this at some point a contrary to like the humane
5:02
AI pin where when you're wearing the humane pin It's
5:04
like 700 bucks But then you
5:06
got to pay I can't remember like 50 bucks
5:08
or 20 bucks a month something like that to
5:10
keep getting service Which is essentially paying for the
5:12
cloud and the usage of all the different AI
5:15
models, right? So this
5:17
is interesting. We then had th e
5:19
l l31 who
5:21
demoed that the r1 app running on a
5:23
different Android device could be instructed to save
5:25
notes back to rabbit's official Backend which they
5:28
call the rabbit hole so this is also
5:30
not good because if it's it's not just
5:32
like they you know, They cracked it and
5:34
they forked it and now you can kind
5:36
of use the same technology and slap your
5:38
own White label on it you
5:41
literally can crack it and then still have
5:43
it like your new device to be saving
5:45
things onto the rabbit Backend which they're
5:47
definitely paying for so
5:50
this This is you know, obviously
5:52
a big security issue They also and
5:54
else also showed that you could use the r1
5:56
so on the r1 device It's got like this
5:59
little scroller on the on the side of the device
6:01
and they want you to use that. It
6:03
has like a screen and people have
6:05
demonstrated that it's actually fully functioning touchscreen,
6:07
AKA pretty much an Android phone, but
6:10
it's actually disabled mostly unless there's like, I think
6:12
one or two like things that you can do
6:14
that enable the touchscreen, but mostly they
6:17
want you to use this little scroll bar. Kind
6:19
of reminds me of the original iPod classics where
6:21
you had like the scroll wheel to like scroll.
6:23
They just have like a little rolling bar, like
6:25
a roller on like a mouse that you can
6:27
use to scroll. People have complained about it, but
6:29
whatever. I mean, it works, but what
6:31
people have also showed, they're like, look, you
6:33
can literally enable this on an Android TV
6:35
because it's just an Android app. And if
6:37
you have it on an Android TV with
6:39
the mouse, clicking up and down on a
6:41
mouse is the equivalent of scrolling because the
6:43
scroll wheel sends D-pad actions, just like a
6:45
TV remote keyboard or any other accessory
6:47
that you'd have. So that's really interesting.
6:50
Then we had Chromomob who is
6:52
showing that the vision feature on
6:55
the R1 app, which is
6:57
running on his phone, right? So everyone's just like turned it into
6:59
an app and is running on their phone. He
7:01
could essentially read and understand a
7:03
bunch of things from Rabbit's own
7:05
Discord server. So, you know, he's
7:07
just kind of making fun of them. It has also
7:09
been demonstrated a bunch of different times in a bunch
7:12
of different ways that the Abbott R1 does not
7:14
run on a very heavily modified or what
7:16
they say bespoke AOSP. So
7:19
kind of that was a lie if I'm being 100% honest,
7:21
right? Like they said that, but obviously
7:23
if you can just put this on an Android phone,
7:25
then it's not true. It's not running on anything custom.
7:28
I don't think anyone really cares that the
7:30
R1 is just based on Android, but I
7:32
think that people do care that the official
7:36
Rabbit CEO and the company of Rabbit are
7:38
saying that this is definitely not an app.
7:40
They're probably saying that for like investor reasons
7:42
or for, I don't know, to try and make it
7:44
seem like the big criticism is like,
7:46
why aren't you just an app? And they're like,
7:48
well, you know, we're like super different, super unique,
7:50
super custom. So, I mean, it's a
7:52
cool device in any like either way, in my
7:54
opinion, but like it's definitely a bad look, having
7:57
to lie to everyone and telling them it's something
7:59
that it's not. So I
8:01
think Rabbit right now though, regardless of this
8:03
whole PR nightmare that they might be having,
8:05
I think they actually have bigger problems on
8:07
their hands right now. And that is the
8:09
fact that if you can run the R1
8:11
on a different phone, what's to stop you
8:13
from running it on a different device entirely.
8:16
And what's to stop someone from taking the
8:18
app Rabbit R1's API in a, you know,
8:20
and putting it on a device
8:22
and slapping their own logo on it. And then
8:24
essentially making Rabbit pick up the tab for it.
8:26
Or if you are super malicious, you could run
8:28
thousands of virtual R1's in
8:31
the cloud and completely overwhelm Rabbit systems. Like it
8:33
just seems like this is a really big security
8:35
issue. All of this is theoretically possible
8:37
because while your activity is tied
8:39
to an account in the Rabbit hole, accounts
8:42
only need an email address to set up.
8:44
So email addresses are really cheap and an
8:46
attacker could make an account, make
8:48
as many accounts as they want, really. So
8:51
the problem is pretty
8:54
much unique to Rabbit because all the other
8:56
AI services are subscription based. So that means
8:58
that user accounts on these services are tied
9:00
to a payment method. And the bank has
9:02
to do like most of the heavy lifting
9:04
to verify the user's identity. Emily
9:07
recently on X was saying that
9:09
it seems pretty inconceivable that they
9:11
wouldn't have thought about any of
9:13
this before launching. Um, by
9:15
then it also seems inconceivable that their
9:17
security would be so easily bypassed twice
9:19
or that they'd, or that they
9:21
would try to prevent or pretend that their app
9:23
wasn't an app. It's obviously just
9:25
an app, right? So I think this is
9:27
interesting. This is obviously a huge mess that
9:30
Rabbit's going to have to sort out. Um,
9:32
if they, the big problem here
9:34
though, in my opinion is like, it's going to
9:36
be tricky for them to try and change their
9:38
API without completely bricking a bunch of the older
9:40
devices and it seems like this is probably something
9:43
they should have figured out before launching. But you
9:45
know, this is the one of a product. This
9:47
is kind of what happens. Um,
9:49
so yeah, very interesting. We haven't gotten
9:51
any updates in over 24 hours from Rabbit. So
9:53
I'll definitely keep you up to date if they
9:55
say anything else, but this is definitely a huge
9:58
drama, very interesting. Thank you so much for. tuning
10:00
into the podcast today. If you've learned anything, I
10:02
would really appreciate it. If you drop us a
10:04
review, leave us a comment or subscribe on YouTube
10:06
wherever you get your podcasts and I hope that
10:08
you have an amazing rest of your day.
Podchaser is the ultimate destination for podcast data, search, and discovery. Learn More