(Yicai) Dec. 4 -- Tencent Holdings’ super app WeChat and two major mobile banking apps are among several said to block a new mobile artificial intelligence agent developed by TikTok owner ByteDance as it appears to trip their security controls.

Users of ZTE’s new Nubia M153 smartphone have said online that when they try to use the built-in Doubao Phone Assistant to run WeChat an error message reads "there is an abnormality in the login environment” and they are forcibly logged out. The apps of Agricultural Bank of China and China Construction Bank also display pop-up warnings that prompt users to disable the AI tool before proceeding.

WeChat said in response that it had not taken any deliberate action against Doubao Phone Assistant, suggesting instead that its security controls may have been triggered.

Equipped with the AI agent, the Nubia M153 is the first smartphone developed by Chinese telecom equipment and consumer electronics maker ZTE. Launched on Dec. 1 and priced at CNY3,499 (USD495), the handset is currently only available to developers and industry professionals.

Doubao Mobile Assistant’s key selling point is its ability to switch seamlessly between multiple apps -- managing bookings, placing online orders, downloading batch files, tracking logistics across different platforms, and replying to messages -- all through simple user voice commands.

The Nubia M153 grants the AI assistant the high-level INJECT_EVENTS permission, which is typically reserved for system components developed by the phone manufacturer, according to technical experts in the industry. With this permission, it can read on-screen content, simulate user touches and clicks, and effectively control the phone.

“In essence, Doubao Mobile Assistant has been configured as if it were part of the operating system, rather than a third-party software,” said one of the experts.

The team behind Doubao, ByteDance’s AI model on which the Doubao Mobile Assistant is based, issued a statement on Weibo yesterday, insisting that no malicious hacking is involved. It acknowledged that INJECT_EVENTS is indeed a system-level permission, but clarified that the Doubao Phone Assistant only uses it with explicit user consent.

The assistant will not perform sensitive operations such as payments or identity authentication on behalf of the user, and does not store on-screen content in the cloud nor use it for model training purposes, the team added.

The battle over who controls the gateway to user data -- phone makers, AI model developers, or app developers -- lies at the root of this issue, said Zhou Jingping, chief security officer at security firm Knownsec. While all are racing to deploy AI, internet companies view user data as their lifeline and so are reluctant to allow third-party apps to have such high-level privileges, Zhou noted.

On Dec. 1, the Cloud Computing Standards and Open Source Promotion Committee released guidelines for agent interaction security, stating that AI agents must not bypass verification measures of third-party apps by simulating user behavior. However, the document notes that building a robust dual-authorization mechanism will take time.

Last month, Amazon filed a lawsuit against Perplexity AI, accusing its browser-based AI agent of shopping on behalf of Google users in violation of the platform's Terms of Service. The California-based startup called Amazon a "bully" and argued that users have the right to independently use AI tools.

Editor: Martin Kadiev