RAW MAIN rawmain

Zimperium zShield RE Notes

Newer versions of the Rabbit R1's APK are protected by https://www.zimperium.com/zshield/ (I don't know this for certain, somebody told me it is but I haven't really seen any identifying marks in the code yet)

Interesting assets within the APK:

lib/arm64-v8a/liboptipkawfn.so    ~3MB packed/encrypted ELF
assets/optipkawfn/0.odex          only 41 bytes
assets/optipkawfn.szip            ~8MB - I predict it contains encrypted+compressed bytecode
rawmain / r1_api.md
Last active June 15, 2024 18:01 — forked from DavidBuchanan314/r1_api.md
Rabbit R1 Unofficial API Docs

The Rabbit R1 uses a few custom APIs to talk to The Cloud™. Almost nothing happens on-device, and all the AI magic happens on servers.

Consequently, you don't really need the physical device.

TLS Client Fingerprinting

In lieu of an authentication scheme, Rabbit's servers attempt to verify device authenticity by checking the TLS client's JA3 fingerprint, presumably enforced by AWS WAF.
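What a JA3 check computes, as an added example (not code from this gist or from Rabbit): the hash is derived only from fields the client chooses in its ClientHello, with GREASE placeholders ignored. The `build_hello` helper and the cipher and extension values used with it are constructed for the demonstration.

```python
import hashlib
import struct

# GREASE values (RFC 8701) are random placeholders; JA3 ignores them.
GREASE = {0x0A0A + 0x1010 * i for i in range(16)}

def _u16_list(buf):
    """Decode a run of big-endian 16-bit values, dropping GREASE."""
    vals = struct.unpack(f">{len(buf) // 2}H", buf)
    return [v for v in vals if v not in GREASE]

def ja3_string(hello):
    """JA3 string for a ClientHello handshake message (no record header)."""
    if len(hello) < 39 or hello[0] != 1:
        raise ValueError("not a ClientHello")
    version = struct.unpack_from(">H", hello, 4)[0]
    pos = 4 + 2 + 32                      # handshake header, version, random
    pos += 1 + hello[pos]                 # session_id
    n = struct.unpack_from(">H", hello, pos)[0]
    ciphers = _u16_list(hello[pos + 2:pos + 2 + n])
    pos += 2 + n
    pos += 1 + hello[pos]                 # compression methods
    exts, groups, formats = [], [], []
    if pos < len(hello):
        end = pos + 2 + struct.unpack_from(">H", hello, pos)[0]
        pos += 2
        while pos + 4 <= end:
            etype, elen = struct.unpack_from(">HH", hello, pos)
            data = hello[pos + 4:pos + 4 + elen]
            pos += 4 + elen
            if etype in GREASE:
                continue
            exts.append(etype)
            if etype == 10:               # supported_groups
                groups = _u16_list(data[2:])
            elif etype == 11:             # ec_point_formats
                formats = list(data[1:])
    fields = [[version], ciphers, exts, groups, formats]
    return ",".join("-".join(map(str, f)) for f in fields)

def ja3_hash(hello):
    return hashlib.md5(ja3_string(hello).encode()).hexdigest()

def build_hello(ciphers, exts):
    """Constructed sample ClientHello; exts is a list of (type, data) pairs."""
    ext = b"".join(struct.pack(">HH", t, len(d)) + d for t, d in exts)
    body = (b"\x03\x03" + bytes(32) + b"\x00"
            + struct.pack(">H", 2 * len(ciphers)) + struct.pack(f">{len(ciphers)}H", *ciphers)
            + b"\x01\x00" + struct.pack(">H", len(ext)) + ext)
    return b"\x01" + len(body).to_bytes(3, "big") + body
```

Two hellos with the same version, cipher order, extension order, groups and point formats hash identically whatever software produced them, which is why a JA3 match identifies a TLS stack configuration rather than a device.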

If your TLS client doesn't match an expected fingerprint, you'll get HTTP 403 errors. This fingerprint works: