When Google did this with the recent Gemini paper, no one had any problem with calling it out as credential stuffing, but when Deepseek does it, it’s glorious unity and camaraderie.
No, they absolutely export malware still. All of DJI's apps need to be sideloaded on android because the obfuscated data collection they do is not allowed in Play Store apps[0]. TikTok uses an obfuscated VM to do user tracking[1]. Then there's the malware that the US government has to routinely delete from compromised computers [2][3]