
Preface
Doubao Phone is ByteDance’s AI-native smartphone. At the center of the experience is Doubao Phone Assistant, an AI assistant that can understand user intent, operate the phone on the user’s behalf, and provide personalized services across apps, system functions, and content.

Because this assistant can see and act on highly sensitive information—from messages and photos to financial apps (See the Taylor Ogan tweet)—Doubao Phone is built around Trusted Execution Environments (TEE) and end-to-cloud confidential computing. These hardware-based protections isolate AI models and user data from the rest of the system, so even if another component is compromised, sensitive data and model logic remain protected:
- On the device, TEEs and hardware encryption isolate models and user data from the rest of the OS.
- Across the network, identifiers are pseudonymized and inference traffic is encrypted.
- In the cloud, confidential-computing containers and strict access controls limit exposure of sensitive plaintext.
This document is a faithful 1:1 English translation of the original Doubao Phone Assistant Privacy & Security Whitepaper (v1) released by the ByteDance group. The intent is not to reinterpret the design, but to make its architecture and guarantees legible to a wider, global audience—especially those who care about confidential AI, verifiable infrastructure, and TEE-based privacy protection on consumer devices.
What follows is ByteDance’s own description of how Doubao Phone Assistant is built and how it handles model security, on-device and cloud execution, data protection, and governance processes across the product lifecycle.
1. Overview
Innovation in AI technologies has brought new possibilities to mobile intelligent terminals. Applications represented by AI assistants fully leverage the interaction advantages of smartphones to provide users with smarter, more convenient assistant services. AI assistants can recognize user intent and quickly execute tasks, and can also offer personalized responses based on users’ habits.
While bringing convenience, we are acutely aware of the importance of user privacy and security. Throughout the design of all products and services, Doubao Phone Assistant has always regarded user data and privacy security as one of the primary considerations.
This security whitepaper provides a detailed introduction to the specific management and technical measures Doubao Phone Assistant has implemented to enhance the information security capabilities of its products and services. It is mainly presented in the following four chapters:
- AI Privacy & Security Fundamentals
- AI Application Privacy & Security
- Data Security and Privacy Protection
- Security Management System
In a highly interconnected world, ongoing technological developments bring new information-security risks. Doubao Phone Assistant strives to provide users with safe, trustworthy, and reliable products. We hope this whitepaper will help users better understand our philosophy and implementation of information security and privacy protection in Doubao Phone Assistant products and services.
If you have any concerns or questions about this whitepaper, please feel free to email us at: [email protected].
2. AI Privacy & Security Fundamentals
Doubao Phone Assistant firmly believes that ensuring users’ control over their data is a prerequisite for the value of AI services. We do not view privacy and security as “add-on features,” but instead embed them across the entire lifecycle of AI services—from early model capability design, to information transmission during user interaction, all the way to destruction of sensitive data after the service ends.
At each stage, we replace “passive response” with “proactive defense”, while also safeguarding users’ right to be informed. In this way, we ensure that innovation and application of AI technologies always proceed on a track that respects user privacy and protects data security—so every user can enjoy the convenience of AI without having to worry about privacy and security.
2.1 AI Service Architecture
Doubao Phone Assistant is built on an end-cloud AI security protection system. Based on ByteDance’s self-developed large models, we have constructed a series of intelligent AI services that provide innovative user experiences.
(A diagram in the original document shows AI business applications running on top of a secure AI security and privacy protection platform, spanning on-device and cloud AI computation.)
2.2 AI Platform Privacy & Security
2.2.1 On-Device (Client-Side) AI Privacy & Security
Secure Runtime Environment
Doubao Phone Assistant runs on a secure hardware platform equipped with an NPU (Neural-network Processing Unit) inference engine and TEE (Trusted Execution Environment) hardware security capabilities. With the help of hardware-level isolation and encryption mechanisms, Doubao Phone Assistant provides comprehensive protection for user data.

Local Model Security
Based on a trusted TEE and hardware-level file-encryption technologies, Doubao Phone Assistant provides end-to-end protection for model data provisioning, distribution, update, storage, and inference. This protects the security of model algorithms and prevents user data from being leaked during on-device inference.
- Model Data Protection
  - Model data is encrypted using platform keys that are pre-provisioned inside the trusted TEE.
  - Before distributing or updating models, we use PKI-based trusted device authentication to ensure models are only distributed to secure hardware devices.
  - On the device, encrypted models are decrypted by TEE security services and then re-encrypted using hardware-level encryption technologies, and stored in dedicated encrypted file directories.
- Secure Model Inference
  - Under the supervision of system-integrity measurement and detection services, models are decrypted from the local encrypted directory and loaded into the inference framework.
  - When the system detects a privileged-attack attempt, it will refuse to provide model decryption and loading services, thereby ensuring the security of both the model and user data during inference.
Secure Local Model Inference
Doubao Phone Assistant deploys part of its AI models directly on the smartphone to enable protection of highly sensitive data by processing it only on the local device. Currently, the main categories of on-device large models include:
- OCR Model – used to extract and recognize text from users’ local images.
- Text Embedding Model – used to vectorize user data for efficient retrieval.
- Named Entity Recognition Model – used to extract named entities from business data.
- Content Recognition Model – used for content-safety and compliance checks on inputs and outputs of local model inference.
- Multimodal Large Model – used for understanding local images and videos, as well as summarizing text.
These models are applied in various AI service scenarios that involve highly sensitive data, and will continue to be optimized and extended to more scenarios in the future.
2.2.2 Cloud AI Privacy & Security
Sensitive Data Not Used for Training
Doubao Phone Assistant has a comprehensive security architecture design which, at the technical-architecture level, ensures that user-sensitive data is not used to train models. Original user data is used only for processing service requests. Any generated business data is strictly protected and isolated from training data.
Fine-Grained Data Access Control
Through fine-grained permission control on the cloud platform, we ensure that without explicit user authorization, user-sensitive data will not be stored, accessed, or used by any third party in unnecessary scenarios or forms.
End-to-End Data Security Protection
Security measures at the technical level focus on full-chain coverage, rather than relying on manual agreements or processes. Data is always encrypted during transmission and storage. For model inference, de-identification and de-linking techniques are used to remove ties to natural persons, preventing targeted access to plaintext, user-linkable sensitive data.
- Transmission Security
  - Data transmitted over the end-cloud link is encrypted.
  - Service-to-service calls include identity control and authentication, ensuring the confidentiality and integrity of data.
- Storage Security
  - Cloud data is encrypted at rest using TKMS (Trusted Key Management Service).
  - The encryption algorithm used is AES-256-GCM.
- Log Security
  - All logging strictly follows the Doubao Phone Assistant logging specification.
  - Logging of user personal information and other sensitive data is not allowed.
  - A dedicated security team conducts reviews and acceptance.
Trusted Computing
To ensure trusted execution of cloud-side security capabilities, key cloud services are deployed in confidential-computing containers. All processing logic leverages confidential-computing isolation features to ensure plaintext data is isolated from the external environment.
Over the long term, we are building capabilities such as trusted computing inference and remote attestation so that we can technically demonstrate, from a theoretical security perspective, that no one can access users’ sensitive data.
Model Security Protection Services
To ensure that cloud-based large models can safely and reliably serve AI services, we have built a model protection service. This service analyzes, detects, and filters inputs to and outputs from large language models and multimodal models, mitigating risks such as:
- Prompt-injection attacks
- Intent-execution deviation
- Sensitive-information leakage
2.2.3 Cloud Service Security
Cloud Infrastructure Security
Doubao Phone Assistant adheres to a defense-in-depth security philosophy and has established a comprehensive, advanced cloud-security protection architecture. From network to host to container, we adopt state-of-the-art security technologies.
These include, but are not limited to:
- Deploying advanced network-threat detection systems (Network Traffic Analysis, NTA) at the network perimeter to detect and alert on malicious intrusions.
- Routing all traffic through a Web Application Firewall (WAF) for attack detection and validation, ensuring security and legitimacy, and blocking malicious requests in real time.
- Deploying Host-based Intrusion Detection Systems (HIDS) on physical servers to monitor abnormal processes, detect suspicious outbound connections, and identify malware and backdoors for timely response.
- Using DDoS protection systems to automatically filter out attack traffic and forward only legitimate traffic to servers, ensuring services are not affected by Distributed Denial-of-Service (DDoS) attacks.
The security team closely monitors the overall security landscape and the latest attack techniques, continuously iterating and upgrading defense measures to keep services secure.
Cloud Business System Security
To enhance the security and availability of cloud-side systems related to Doubao Phone Assistant and prevent potential security attacks after launch, we conduct rigorous security testing before systems go live. Only after passing these tests can systems be deployed.
In testing, we reference industry best practices (e.g., OWASP Top 10 Web Application Security Risks), and tailor technical test plans based on actual business scenarios. Professional security testers then perform the tests.
Additionally, access layers of Doubao Phone Assistant adopt high-availability architectures, running multiple instances in parallel to ensure service reliability and stability.
3. AI Application Privacy & Security
Doubao Phone Assistant fully recognizes the importance of user privacy and treats it as a core foundation of product design. All feature designs revolve around this core and adhere to the principles of informed consent, data minimization, and user control.
For informed consent: whether enabling Doubao Assistant itself or activating other applications, we clearly explain data-processing rules to users. Relevant features are enabled only after user consent, ensuring users’ right to know how their data is used.
User control means users have strong control over both data and functionality. For example, in AI-assisted phone operations, when an action may significantly affect a user’s important interests, the assistant will proactively request user confirmation to ensure the operation aligns with the user’s true intent.
3.1 Doubao Assistant
When Doubao Assistant is invoked while the phone is in a locked state, to prevent highly sensitive operations from being performed without authorization, the assistant initiates a secure access authentication. Only after successful authentication can it execute subsequent advanced operations or query sensitive data, protecting user privacy.
When users use Doubao Assistant to access and retrieve local data, they can control behavior on a per-app basis according to their needs and privacy preferences. Users may choose the scope of data that can be searched, thereby controlling access to their personal data and protecting privacy.
When Doubao Assistant provides intent-execution capabilities, we enforce intent access-control mechanisms for key operations such as intent registration, intent execution, and data access/use. All operations must pass secure-access authentication before execution, ensuring the legitimacy of the initiator and preventing unauthorized operations.
To more flexibly complete user instructions, Doubao Phone Assistant provides a feature that allows AI to operate the phone automatically on behalf of the user. To avoid over-authorization risks, we have established strict control mechanisms for operations involving sensitive user data. These operations require explicit confirmation and authorization from the user. In particular, high-risk operations require secondary confirmation before they can be accessed and executed. These include six main categories:
- Permissions and Privacy Management
- Financial and Transaction Operations
- System and Device Control
- Operations related to Legal and Compliance Requirements
- High-risk Irreversible Operations
- Health and Medical Data Processing
Sidebar: The Agent Stack Behind Doubao (UI-TARS-2)
From a systems point of view, Doubao Phone isn’t just “a phone with an LLM on it,” it’s sitting on top of a pretty serious GUI-agent stack. ByteDance’s UI-TARS-2 report describes a native GUI-centered agent that unifies perception, reasoning, and control over desktops, Android, and browser environments, trained with a multi-turn RL pipeline and a large data flywheel.

A few details are worth calling out when you think about Doubao as a confidential AI device:
- All-in-one GUI sandbox. UI-TARS-2 runs inside a unified sandbox that can drive Windows, Ubuntu, Android, and browser games using the same action space (click, type, scroll, tool calls, terminal, etc.). This is exactly the kind of infrastructure you need if your phone assistant is going to operate arbitrary apps and UI surfaces rather than just answer chat prompts.
- Data flywheel + multi-turn RL. Instead of just SFT on human traces, they run a loop of continual pre-training, supervised fine-tuning, and RL with verifiable rewards, feeding back agent trajectories into the training set. That’s how you get an assistant that can survive long, messy, multi-step interactions on real apps instead of overfitting to short demos.
- Real benchmarks, not toy demos. UI-TARS-2 reports strong results on OSWorld, WindowsAgentArena, AndroidWorld, Online-Mind2Web, plus a 15-game suite and LMGame-Bench—often beating Claude and OpenAI CUA-style agents on GUI tasks. In other words: this isn’t just a research prototype, it’s competitive with frontier agents on the kinds of workflows a phone actually needs.
Put together, you can think of Doubao Phone as UI-TARS-class agent capabilities running inside a TEE-anchored confidential-computing envelope. The RL-trained GUI agent stack gives it the “DeepSeek moment for local AI” on the capability side, while the TEE and end-to-cloud confidential computing turn that capability into something you can plausibly trust with your entire digital life.
3.2 Global Memory
Global Memory is subject to strict security measures in both data acquisition and processing, while fully implementing the user-control principle.
Protection Measures:
- Data Minimization Principle
  - Data collection follows a reasonable-necessity standard.
  - Only data required to implement the Global Memory feature is collected, avoiding excessive collection and reducing privacy-leakage risk at the source.
- “On-Device First” Processing Principle
  - Data processing is performed on the device whenever possible, with processed data encrypted and stored on-device.
  - If, due to device capabilities or other technical limitations, data must be uploaded to the cloud for processing, strict protection measures are implemented during transmission and processing. Data is deleted immediately after use.
- Clear Purpose Limitation
  - Data recorded by Global Memory is used only to provide memory viewing and intelligent-reply features to users.
  - It is not used in scenarios that are unrelated to these functions and is not used for model training, ensuring a single, secure purpose.
User-Control Measures:
- Controllable Authorization
  - Clear privacy statements are presented before enabling any Global Memory feature, informing users of the data scope involved.
  - Features are enabled only after user authorization.
- Controllable Feature Switches
  - After enabling memory features, users can turn them off at any time.
  - A quick toggle is provided in Control Center, allowing users to stop memory recording at any time to protect privacy.
- Controllable Data Management
  - Users can delete specific data or clear all records.
  - Users can flexibly manage their memory data and decide which data is retained or deleted.
- Controllable Recording Awareness
  - The status bar provides real-time prompts when recording, so users always know when memory features are recording information and can clearly understand and control the process.
- Controllable Viewing Permissions
  - Viewing memory records requires verification via lock-screen password, ensuring only the user can access memory content and preventing unauthorized access by others.
- Controllable Recording Scope
  - Users can configure which apps are allowed to be recorded, customize recording time periods, and set geofences.
  - Users can also use natural-language instructions to request that certain information not be recorded, precisely controlling the recording scope.
4. Data Security and Privacy Protection
Doubao Phone Assistant provides users with full-lifecycle data-security protection solutions, ensuring that user data is protected at every stage—collection, storage, transmission, access, and destruction.
We also reference industry best practices to define data-classification and grading standards, along with corresponding security requirements, ensuring that protection measures are aligned with the sensitivity of personal data and the value of data assets. This minimizes risks of unauthorized data use, data exposure, and data leakage.
4.1 Data Encryption Protection
4.1.1 On-Device Data Storage Encryption
Based on system-level file-encryption mechanisms, user data and files collected by AI services are stored in application-sandbox directories that are encrypted and protected by the device’s lock-screen password.
For highly sensitive personal memory databases, we also use database-level encryption. Data is decrypted only when the AI service is running, further strengthening data security.
(A diagram in the original shows AI business applications writing to encrypted files and databases via an encryption SDK, with keys protected by the lock-screen password.)
4.1.2 End-to-Cloud Full-Link Encryption
Communication Link Encryption
Doubao Phone Assistant comes with a TLS security certificate issued by ByteDance, and end-cloud communication is encrypted and mutually authenticated.
When the on-device AI service initiates a cloud-inference request, the device-side and cloud-side security services authenticate each other, ensuring both the device and the cloud service are trusted communication entities. After that, a trusted encrypted channel is established to secure communication data.
Sensitive Data Encryption
To further mitigate risks of user-data leakage, we apply secondary encryption to privacy-related data in cloud-inference requests. This ensures secure encrypted transmission of inference data between the client app and cloud services.
At the start of a session, the on-device privacy-security service negotiates a one-time encryption key with the cloud-side security-protection service and uses it to encrypt inference-request data, ensuring data security. After inference is completed, both the key and the data are immediately destroyed to prevent illegal data analysis or use of data unrelated to the current request.
4.1.3 Cloud-Side Data Storage Encryption
Doubao Phone Assistant has built a user-isolated data-encryption storage scheme. Each user has an independent data-encryption key system, enabling per-file encryption for cloud-stored data and files, and preventing cross-user data access.
Before user data is uploaded to the cloud, it is encrypted on the device. After encrypted data is uploaded, business services cannot directly use plaintext data without authorization.
(A diagram in the original shows TKMS managing user master keys and business keys, which encrypt data and files stored for each user.)
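A sketch of the per-user, per-file scheme described in this section, using the AES-256-GCM named under Storage Security. This is an added example, not ByteDance's code: the envelope layout (a random data key per file, wrapped under a per-user master key), the `KMS`, `EncryptFile` and `DecryptFile` names, and the user and file IDs are all assumptions made for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// KMS stands in for the key service (TKMS on the page): one independent
// 256-bit master key per user, never handed to callers. Hypothetical type.
type KMS map[string][]byte

// Wrap seals a per-file data key under the owner's master key. A user with no
// master key yields a nil key, which AES rejects as an invalid key size.
func (k KMS) Wrap(userID, fileID string, dataKey []byte) ([]byte, error) {
	return seal(k[userID], dataKey, aad(userID, fileID))
}

// Unwrap uses only the requester's own key; requester is assumed authenticated.
func (k KMS) Unwrap(requester, fileID string, wrapped []byte) ([]byte, error) {
	return open(k[requester], wrapped, aad(requester, fileID))
}

func randBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err) // no safe fallback without a CSPRNG
	}
	return b
}

// aad binds a ciphertext to its owner and file so it cannot be relabelled.
func aad(userID, fileID string) []byte { return []byte(userID + "\x00" + fileID) }

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // a 32-byte key selects AES-256
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// seal returns nonce || ciphertext || tag with a fresh random 96-bit nonce.
func seal(key, plaintext, ad []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := randBytes(gcm.NonceSize())
	return gcm.Seal(nonce, nonce, plaintext, ad), nil
}

func open(key, sealed, ad []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	n := gcm.NonceSize()
	if len(sealed) < n {
		return nil, fmt.Errorf("ciphertext too short")
	}
	return gcm.Open(nil, sealed[:n], sealed[n:], ad)
}

type EncryptedFile struct { // all the storage service holds
	UserID, FileID         string
	WrappedKey, Ciphertext []byte
}

// EncryptFile runs on the device before upload, with a fresh key per file.
func EncryptFile(k KMS, userID, fileID string, plaintext []byte) (*EncryptedFile, error) {
	dataKey := randBytes(32)
	wrapped, err := k.Wrap(userID, fileID, dataKey)
	if err != nil {
		return nil, err
	}
	ct, err := seal(dataKey, plaintext, aad(userID, fileID))
	if err != nil {
		return nil, err
	}
	return &EncryptedFile{userID, fileID, wrapped, ct}, nil
}

// DecryptFile succeeds only for the user the file was sealed for.
func DecryptFile(k KMS, requester string, f *EncryptedFile) ([]byte, error) {
	dataKey, err := k.Unwrap(requester, f.FileID, f.WrappedKey)
	if err != nil {
		return nil, err
	}
	return open(dataKey, f.Ciphertext, aad(f.UserID, f.FileID))
}

func main() {
	kms := KMS{"user-a": randBytes(32), "user-b": randBytes(32)} // constructed users
	f, _ := EncryptFile(kms, "user-a", "memo-1", []byte("constructed sample note"))
	_, err := DecryptFile(kms, "user-b", f)
	fmt.Println("read attempt by another user:", err)
}
```

Because the owner and file ID are bound in as associated data, a stored record that is relabelled to another file or user fails authentication instead of decrypting.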
4.2 Data De-Identification Protection
4.2.1 ID Pseudonymization
Doubao Phone Assistant has built a privacy-preserving inference pipeline for users. For some on-device inference requests involving user-privacy data that must be sent to the cloud, the end-cloud coordinated security service performs pseudonymization on the user account UID and device DID.
That is, a pseudonym ID is used to replace the real ID as the data subject identifier. As a result, cloud AI requests do not contain the real user UID or device ID, and business-side data analysis and processing cannot directly track or analyze users.
4.2.2 Privacy De-Identification
Before an inference request enters the model-inference stage, user information is further anonymized and de-identified. Sensitive information that can directly identify an individual user is recognized and masked, reducing the possibility of user-information exposure.
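One way the two steps in 4.2 can fit together, as an added example that is not ByteDance's implementation: the UID and DID are replaced by keyed HMAC-SHA256 pseudonyms, and direct identifiers in the prompt are masked before inference. The HMAC construction, the regex recognizers, the type and function names and all sample values are assumptions.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"regexp"
	"strings"
)

// DeviceRequest is what the on-device service submits; CloudRequest is what
// the inference backend receives. Both shapes are constructed for this example.
type DeviceRequest struct{ UID, DID, Prompt string }
type CloudRequest struct{ SubjectID, DeviceID, Prompt string }

// pseudonym derives a keyed, one-way replacement for an identifier. A plain
// hash would let anyone who can enumerate IDs rebuild the mapping; with HMAC
// that requires the key. domain keeps UID and DID pseudonyms in separate spaces.
func pseudonym(key []byte, domain, id string) string {
	mac := hmac.New(sha256.New, key)
	mac.Write([]byte(domain + "\x00" + id))
	return "p_" + hex.EncodeToString(mac.Sum(nil)[:16])
}

// maskers are regex stand-ins for the recognizer that finds direct identifiers.
// The \b anchors stop the phone pattern from firing inside a longer digit run.
var maskers = []struct {
	re  *regexp.Regexp
	tag string
}{
	{regexp.MustCompile(`\b\d{17}[\dXx]\b`), "[ID_NUMBER]"}, // 18-character ID number
	{regexp.MustCompile(`\b1[3-9]\d{9}\b`), "[PHONE]"},      // 11-digit mobile number
	{regexp.MustCompile(`[\w.+-]+@[\w-]+(\.[\w-]+)+`), "[EMAIL]"},
}

// maskPrompt removes the caller's own IDs first, since they can appear in
// free text, then masks pattern-based identifiers.
func maskPrompt(r DeviceRequest) string {
	s := r.Prompt
	for _, id := range []string{r.UID, r.DID} {
		if id != "" { // ReplaceAll with an empty needle would corrupt the text
			s = strings.ReplaceAll(s, id, "[SELF]")
		}
	}
	for _, m := range maskers {
		s = m.re.ReplaceAllLiteralString(s, m.tag)
	}
	return s
}

// Deidentify builds the request that is allowed to leave the security service.
func Deidentify(key []byte, r DeviceRequest) CloudRequest {
	return CloudRequest{
		SubjectID: pseudonym(key, "uid", r.UID),
		DeviceID:  pseudonym(key, "did", r.DID),
		Prompt:    maskPrompt(r),
	}
}

func main() {
	key := []byte("constructed demo key, not a real secret")
	req := DeviceRequest{
		UID:    "uid-1001",
		DID:    "did-9f3a",
		Prompt: "Text 13812345678 or li@example.com about ID 11010519491231002X for account uid-1001",
	}
	fmt.Printf("%+v\n", Deidentify(key, req))
}
```

Pseudonyms stay stable for as long as the key does, so whoever holds the key controls linkability: rotating it or scoping it per purpose breaks the link between old and new records.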
4.3 Privacy Protection
4.3.1 Privacy Protection Policies
Doubao Phone Assistant actively complies with requirements of Chinese laws and regulations, taking the following as core references:
- Personal Information Protection Law
- Data Security Law
- Cybersecurity Law
- GB/T 35273-2020 Information Security Technology – Personal Information Security Specification
- GB/T 41391-2022 Information Security Technology – Basic Requirements for Personal Information Collection by Mobile Internet Applications (App)
- YD/T 2407-2021 Technical Requirements for Security Capabilities of Mobile Intelligent Terminals
We interpret these in detail and, combined with the characteristics of Doubao Phone Assistant, formulate internal privacy-compliance guidelines and self-inspection checklists, including:
- Data Security & Privacy Compliance & Security Certification Requirements Guide
- Standards and Self-Inspection Guidelines for Determining Illegal Collection and Processing of Personal Information by Apps
- Business Security Design Process Specification
- End-Cloud Security Design Baseline
4.3.2 Privacy Protection Practices
Privacy Impact Assessment (PIA)
To strengthen management of users’ personal data and reduce the probability of privacy-security risks, Doubao Phone Assistant has established a Privacy Impact Assessment (PIA) management process.
For personal-data processing activities, we examine their legality and compliance, assess various risks they may pose to the legitimate rights and interests of data subjects, and evaluate the effectiveness of protective measures. This ensures that collection, processing, and use of personal data are reasonable, lawful, legitimate, and necessary, protecting the rights and interests of data subjects.
To ensure efficient execution of the PIA process, we have set up a Privacy Compliance Review Group. This group:
- Handles PIA-related assessment requests
- Provides compliance-assessment opinions and solutions
- Follows up on implementation of compliance measures
The PIA process is integrated into the full development lifecycle of Doubao Phone Assistant. Based on PIA scope, we conduct assessments, identify privacy-compliance risks, and take corresponding mitigation measures to ensure the business meets group-level security and privacy-compliance requirements.
Doubao Phone Assistant initiates the PIA process in the following scenarios:
- Collection of new categories of personal data
- Requiring users to provide personal data as a condition (mandatory collection)
- Disclosing personal data to organizations or individuals that previously had no access
- Using previously collected personal data for new purposes
- Use of new technologies that may be considered privacy-invasive
- Use of sensitive personal information
- Changes in laws, national standards, or regulatory policies
- Other high-risk scenarios where changes in personal-data processing content or methods may introduce significant risk
Privacy-Compliance Detection Capabilities
To effectively implement privacy-compliance requirements, we combine manual review and automated tooling in our business development and iteration processes. Detection items cover compliance requirements across the entire data lifecycle, aligned with the personal-information-processing requirements of the Personal Information Protection Law.
Detection targets include all pre-installed self-developed applications and third-party pre-installed applications. Using a combination of static and dynamic privacy-compliance detection technologies, we identify privacy-risk issues, including:
- Static detection such as sensitive-API scanning and sensitive-permission scanning
- Dynamic detection such as analysis of sensitive-function calls
Given that Doubao Phone Assistant data is “generated on the device and flows between device and cloud,” we protect users’ personal data at all stages while balancing “security protection” with “user experience.” Through underlying technologies, we block privacy-leakage risks while allowing users to intuitively perceive and autonomously control privacy permissions and personal data.
4.3.3 Privacy Protection in Practice
Doubao Phone Assistant safeguards user personal data throughout its lifecycle:
- Authorization
  - Users have autonomous control over personal data.
  - Within the client, users can manage data-usage permissions for each AI application, and further refine controls by data type.
  - This ensures users can manage data usage in a way that is “knowable, controllable, and revocable.”
- Transmission
  - Data transmission between apps, as well as user-sent voice, prompts, and images, is encrypted.
  - This prevents interception during transmission and ensures data is secure from the user side to the service side.
- Storage
  - Encryption technologies are used to store data as ciphertext.
  - Only necessary interaction data is retained, and associated account identifiers are also encrypted.
  - Expired data is automatically cleaned up, reducing storage risk.
- Use
  - Voice data is used only for speech-to-text conversion and intent understanding.
  - Sensitive information in prompts is automatically de-identified.
  - Personal information in images is recognized by AI and receives enhanced protection.
  - All data is used solely to respond to user requests; sensitive information is anonymized and is not used for model training by default.
- Management
  - We enforce “least-privilege” access control.
  - All internal operations are logged end-to-end.
  - Users can view data, selectively delete it, or clear it with one click.
  - When an account is canceled, all associated information is deleted simultaneously, ensuring users retain control over their data.
5. Security Management System
Doubao Phone Assistant has built a comprehensive management system for AI security—from establishing dedicated security teams, embedding security considerations into project design and development, strictly managing suppliers, to formulating emergency-response plans for security incidents.
Through a combination of policies, technical safeguards, and professional teams, we aim to build a robust security barrier for the entire lifecycle of user data.
5.1 Dedicated Security and Privacy Teams
For Doubao Phone Assistant, we have established dedicated security and privacy teams, forming a dual-layer guarantee of technology and compliance:
- The Security Team focuses on technical defenses across the AI system lifecycle. They are deeply involved in the Software Development Lifecycle (SDLC):
  - Defining security requirements during demand analysis
  - Reviewing architectural security in the design phase
  - Providing security training and guidance during coding
  - Conducting security testing during the test phase
  - Continuously monitoring and quickly handling anomalies after launch
- The Privacy Team focuses on compliance control:
  - Reviewing data-collection scope and authorization practices
  - Supervising implementation of encryption and de-identification
  - Tracking regulatory updates and conducting compliance audits to protect user data rights.
5.2 Security-by-Design and Secure Development Process
To provide robust security protection, Doubao Phone Assistant deeply practices the concepts of Security by Design and Privacy by Design. During product design, we treat information security and privacy protection as key considerations, ensuring strong protection for the security and privacy of the AI experience.
We have established a secure development process covering the entire lifecycle—from product requirements, design, development, and testing to launch—tailored to AI-business characteristics. Major phases include:
- Risk-Requirement Identification
  - Led by the security team in collaboration with business and development teams.
  - Business scenarios and functions of the AI system are reviewed to identify potential security risks (e.g., data leakage, model attacks).
  - Risk-control objectives and security requirements are defined, forming a “risk list” as a baseline for secure development.
- Security Review
  - After the system design is finalized, cross-department security review meetings are held.
  - The security team evaluates plan security and data-flow compliance, focusing on whether identified risks are addressed.
  - Designs that fail the review must be optimized and resubmitted, ensuring no security gaps at the design stage.
- Security Testing
  - After development completes functional modules, a security testing ticket is submitted to the security team.
  - The ticket includes module functions, data types involved, and test scope.
  - The security team formulates a special test plan specifying methods (e.g., penetration testing, vulnerability validation) and acceptance criteria to ensure targeted and effective testing.
- Incremental Scanning
  - During code iteration and feature updates, automated scanning tools focus on new and modified code.
  - Real-time security scans detect issues such as code vulnerabilities and dependency risks.
  - Results are synchronized to the development team with remediation requirements and deadlines, and the security team tracks progress to ensure risk remediation.
- Pre-Launch Security Acceptance
  - Before release, the security team conducts a comprehensive acceptance based on the “risk list,” including:
    - Verifying implementation of risk-control measures
    - Checking remediation of issues found in incremental scanning
    - Performing full penetration testing
  - Only after passing acceptance and issuing a report can the product be released. Projects that fail must be fixed and re-assessed.
5.3 Security Vulnerability Management and Response

Doubao Phone Assistant has a complete security-vulnerability management process to promptly discover, respond to, and analyze new security vulnerabilities, and provide remediation and mitigation as quickly as possible.
The professional security-operations team regularly performs security testing and offensive-defensive exercises on products to uncover potential vulnerabilities and risks as early as possible. Each phase of the process has clearly defined roles and time limits. For example:
- In the risk-collection stage, vulnerability intelligence must be obtained, analyzed, and judged within 9 hours.
- In the emergency-response stage, critical business must be repaired within 96 hours.
The Doubao Phone Assistant team has a professional collaboration structure, with members specializing in vulnerability intelligence, security offense and defense, and PMO, each performing their respective roles. The PMO tracks process progress to ensure effective implementation.
On the technical side, the company uses:
- Multi-dimensional threat-intelligence monitoring (covering CVEs, social media, etc.)
- Full-scenario impact assessment (including server-side, client-side, and office-network environments)
- 24/7 attack monitoring
Combined with tools such as WAF and HIDS, we implement security protection.
The Doubao Phone Assistant team has also established a complete vulnerability-remediation mechanism, covering:
- External and internal notifications (to internal staff, cloud customers, regulators)
- Remediation of existing issues
- Ongoing control of newly introduced risks
- Post-incident review and optimization
These measures ensure a high vulnerability-remediation rate and continuous improvement of security posture.
Closing Note: TEE-Driven Confidential AI on Doubao Phone
From a confidential AI standpoint, Doubao Phone Assistant is best understood as a reference architecture for TEE-centric AI on consumer hardware:
- It pushes sensitive inference and memory as far to the device TEE as possible, minimizing the need to trust remote infrastructure.
- When the cloud is required, it relies on confidential computing, per-user encryption, and de-identification to constrain who can see what.
- It couples these technical measures with process: privacy impact assessments, secure development practices, and dedicated security and privacy teams.
For Western practitioners and researchers, this whitepaper is valuable less as marketing and more as a concrete, system-level design: it shows how a major vendor is wiring TEEs, key management, and confidential computing into an AI-native phone, and where they draw the line between on-device and cloud execution.