Introduction
The DeepSeek app, a popular AI tool for iPhones, is causing controversy after it was discovered that it collects and transmits sensitive user data to servers in China without encryption. Security experts from NowSecure identified severe vulnerabilities in how the app handles data, increasing the risk of attacks and information theft. DeepSeek’s disabling of Apple’s App Transport Security (ATS) feature and transmission of data through ByteDance’s Volcano Engine platform have raised significant concerns about user privacy and security within the tech community.
Main Content
1. DeepSeek App and Security Vulnerabilities
Security experts at NowSecure found that DeepSeek collects and sends sensitive data from users’ devices over the internet without encryption. This increases the risk of data being intercepted or tampered with by hackers. “DeepSeek has sent certain user and device data over the internet without encryption, making it susceptible to intentional attacks by cybercriminals,” shared a representative from NowSecure.
DeepSeek app on iPhone sending sensitive data to China – 1DeepSeek sends unencrypted data from devices to servers in China (Image: NowSecure).
2. App Transport Security (ATS) Vulnerability
App Transport Security (ATS) is a security feature introduced by Apple in iOS 9 and macOS 10.11 designed to protect data transmitted over the network in iOS and macOS applications. It ensures that data sent over the internet is not intercepted or altered by hackers, enhancing privacy and reducing the risk of network attacks.
However, DeepSeek has disabled ATS, leaving user data unencrypted as it is sent over the internet. “Because ATS is disabled, DeepSeek sends unencrypted data over the internet,” commented a representative from NowSecure.
3. Servers and Storage Platform
Experts from NowSecure also found that DeepSeek data is sent to servers managed by ByteDance’s cloud computing and storage platform, Volcano Engine, the parent company of TikTok. This raises concerns about the safety of using DeepSeek, an AI tool developed in China.
4. Concerns Over User Data Collection
This week, the Associated Press reported that DeepSeek’s website is configured to send user login information to China Mobile, a telecommunications company owned by the Chinese government. These findings have provided additional reasons for governments like the U.S., Australia, Italy, Belgium, South Korea, etc., to ban government and military employees from using DeepSeek.
5. Comparison with TikTok
Like TikTok, another popular Chinese app, DeepSeek faces growing concerns over security and user data collection. The surge in concerns around DeepSeek has reminded many of TikTok, which has been banned in several countries due to security and data collection worries.
6. General Users and Security Concerns
Notably, general users seem largely unconcerned about the security risks associated with using DeepSeek. Evidence of this is the consistent increase in traffic to its website, making DeepSeek the second most popular AI chatbot globally, just behind ChatGPT. The app also surpassed ChatGPT as the most downloaded AI application last month on the App Store.
Conclusion
DeepSeek’s disabling of Apple’s ATS feature and the unencrypted transmission of data to servers in China have raised serious concerns about user privacy and security. While the app continues to attract users due to its convenience, security experts advise caution and recommend that users carefully consider the potential security risks before using such applications, especially when they handle sensitive data.
References
- NowSecure. (2025). [DeepSeek app on iPhone sending sensitive data to China]. Dantri.com.vn.
- Associated Press. (2025). [DeepSeek website sending user login info to China Mobile].
- Apple. (2015). [App Transport Security]. Apple Developer Documentation.
