The innovative mobile applications developed by the Chinese artificial intelligence (AI) company DeepSeek have rapidly gained popularity since their launch on January 25, 2025. These apps are currently ranked among the top three free downloads on both Apple and Google platforms, attracting a large user base eager to experience the cutting-edge AI technology offered by DeepSeek. However, concerns have been raised by experts regarding the security and privacy risks associated with these apps.
NowSecure, a mobile security firm based in Chicago, recently conducted an analysis of the DeepSeek iOS app and discovered several alarming vulnerabilities. According to NowSecure’s founder, Andrew Hoog, the app collects a significant amount of user data, including device information and Internet address, which could potentially be used to deanonymize users of the app. Additionally, the app communicates with Volcengine, a cloud platform developed by ByteDance, raising questions about data sharing practices between the two companies.
One major security flaw identified by NowSecure is that the DeepSeek iOS app transmits device information without encryption, leaving the data vulnerable to interception and tampering. Furthermore, the app uses an outdated encryption algorithm and hard-coded encryption keys, making it easier for malicious actors to access and manipulate sensitive information. Hoog emphasized the lack of priority given to security and privacy in the app’s design, pointing to potential risks for organizations that use it.
The security concerns surrounding the DeepSeek app have prompted action from various entities. U.S. congressional offices have been advised against using the app due to reported exploits by threat actors. Italy, Taiwan, The Pentagon, NASA, and the U.S. Navy have all taken measures to restrict or block access to DeepSeek over security apprehensions. These actions reflect a growing unease within the international community regarding the potential risks associated with Chinese AI technologies.
In addition to security issues, DeepSeek faces scrutiny over its data handling practices. Researchers at Wiz uncovered a publicly accessible database linked to DeepSeek that exposed a significant volume of sensitive information, including chat history, backend data, and API secrets. The lack of authentication measures in place raised concerns about the potential for unauthorized access and privilege escalation within DeepSeek’s environment.
As the debate surrounding DeepSeek’s security and privacy practices continues, stakeholders will be closely monitoring the company’s response to these issues. DeepSeek and Apple have been approached for comment on the findings, and further developments in this story are expected. The ongoing discussion underscores the importance of robust security measures in the rapidly evolving landscape of AI technology, especially when dealing with sensitive user data.