Core Viewpoint - The introduction of the Doubao mobile assistant, developed in collaboration with ZTE, raises concerns about the implications of advanced AI capabilities and system-level permissions in mobile devices [1][2]. Group 1: AI Assistant Functionality - The Doubao mobile assistant can perform tasks such as comparing prices across various food delivery platforms and placing orders with minimal user intervention [1]. - The assistant utilizes advanced permissions, specifically "event injection," allowing for seamless cross-application operations [2]. Group 2: Risks Associated with Permissions - The use of system-level permissions, such as accessibility and event injection, poses significant risks, including boundary-less permission expansion and the potential loss of user control over devices [2]. - There are concerns that malicious entities could exploit these permissions for automated tasks like captcha collection and ticket purchasing, which traditional countermeasures may struggle to detect [2]. Group 3: Authorization and Legal Implications - Doubao emphasizes that user consent is required for the assistant to access event injection permissions, and this is clearly stated in the permissions list [3]. - The legal complexities surrounding AI assistants are highlighted by the Perplexity case, which raises questions about user rights versus platform security and ecosystem integrity [3][4]. Group 4: Need for Regulatory Framework - Experts suggest that AI assistants should be recognized as independent entities, necessitating a distinct data pathway and evaluation system to balance their value and regulatory control [5]. - There is a call for a flexible regulatory approach that allows for post-event adjustments rather than rigid preemptive rules, emphasizing the importance of traceability in AI actions [5].