DeepSeek Faces More Privacy Concerns – Now Over Mobile App Security

A new report by US-based mobile security firm NowSecure has raised serious concerns about the security and privacy practices of DeepSeek’s iOS app, which quickly became the most downloaded app on the App Store after its launch. According to NowSecure, the app contains significant vulnerabilities that expose user data to potential attacks and surveillance, further fueling global security concerns.

One of the primary issues highlighted in the report is the app’s use of unencrypted data transmission. DeepSeek’s iOS app transmits mobile registration and device data over the internet unencrypted, making it susceptible to interception and modification. This flaw, which could allow attackers to manipulate data or monitor app activity, is especially troubling given the app’s recent surge in popularity.

Even though Apple’s platform includes built-in protections against such flaws, NowSecure discovered that these safeguards were disabled in the DeepSeek app. According to the report, when a user first launches the app, it connects to DeepSeek’s backend to configure the application and register the device, but this process remains vulnerable to both passive and active attacks.

Additionally, the app employs outdated Triple DES encryption, uses hardcoded encryption keys, and reuses initialization vectors—practices that violate basic security standards. The report also found that DeepSeek stores sensitive information, including usernames, passwords, and encryption keys, insecurely on devices, which could be exploited by attackers with physical access to the device.

Moreover, NowSecure identified that the app sends sensitive data points, such as organization IDs and device OS versions, to servers controlled by ByteDance, the parent company of TikTok. This raises concerns over government access to this data, particularly since the data is stored on servers in China, which has led several nations to take action.

Countries such as South Korea, Australia, Italy, and Taiwan have already banned the app from government devices, citing security risks. France and Ireland are also investigating the app’s data handling practices. Meanwhile, US lawmakers have proposed severe fines for the use of Chinese AI software, reflecting growing concerns over data privacy and national security.

With the level of controversy DeepSeek is experiencing, it will be interesting to see if the company’s rapid rise in popularity will be matched by a swift decline, especially as more countries take action against its security practices.