DeepSeek iOS App: Unencrypted User Data Sent to China

DeepSeek iPhone App Sends Sensitive Data to China

Experts from NowSecure, a Chicago-based (USA) mobile security firm, have discovered that the DeepSeek iPhone app extensively collects user and device data but does not follow security best practices.

“The DeepSeek iOS app sends certain device and user data over the internet without encryption. This means the data could be intercepted, stolen, or intentionally altered by hackers,” a NowSecure representative stated.

The DeepSeek iPhone app sends unencrypted data from the device to servers in China (Photo: NowSecure).

NowSecure experts also found that DeepSeek has several weaknesses in how it encrypts user data within the app, such as issues with App Transport Security (ATS).

App Transport Security (ATS) is a security feature introduced by Apple starting with iOS 9 and macOS 10.11, designed to protect data transmitted over networks in iOS and macOS applications.

This feature helps protect data transmitted from apps over the internet from being stolen or modified by hackers, enhancing privacy when sending information online and reducing the risk of cyberattacks.

Apple still allows developers to disable ATS in their apps, but this is not recommended due to potential security risks and the fact that data sent from the app would not be encrypted.

“Because the ATS feature is disabled, DeepSeek sends unencrypted data over the Internet,” commented a NowSecure representative.
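As an added example (not code from NowSecure or from the original article), the following Python check reads an app's `Info.plist` and reports the ATS keys that permit unencrypted or weakened connections. The sample plists and the names `com.example.sample` and `api.example.com` are constructed for illustration and are not taken from the DeepSeek app.

```python
import plistlib

# ATS keys that lift the default HTTPS-only policy for whole classes of traffic.
GLOBAL_FLAGS = (
    "NSAllowsArbitraryLoads",
    "NSAllowsArbitraryLoadsInWebContent",
    "NSAllowsArbitraryLoadsForMedia",
)

def audit_ats(plist_bytes):
    """Return findings for ATS settings that permit cleartext HTTP or old TLS."""
    info = plistlib.loads(plist_bytes)  # accepts XML and binary plists
    ats = info.get("NSAppTransportSecurity", {})
    findings = []
    for flag in GLOBAL_FLAGS:
        if ats.get(flag) is True:
            findings.append(f"{flag}=true: ATS restrictions lifted by this key")
    for domain, rules in ats.get("NSExceptionDomains", {}).items():
        if rules.get("NSExceptionAllowsInsecureHTTPLoads") is True:
            scope = " and subdomains" if rules.get("NSIncludesSubdomains") else ""
            findings.append(f"{domain}{scope}: plain HTTP allowed")
        min_tls = rules.get("NSExceptionMinimumTLSVersion")
        if min_tls in ("TLSv1.0", "TLSv1.1"):
            findings.append(f"{domain}: minimum TLS lowered to {min_tls}")
    return findings

def make_plist(ats_dict):
    """Build a constructed Info.plist (sample data, not from any real app)."""
    info = {"CFBundleIdentifier": "com.example.sample"}
    if ats_dict is not None:
        info["NSAppTransportSecurity"] = ats_dict
    return plistlib.dumps(info)

# Constructed samples: ATS disabled app-wide, a per-domain exception, and defaults.
ATS_DISABLED = make_plist({"NSAllowsArbitraryLoads": True})
DOMAIN_EXCEPTION = make_plist({"NSExceptionDomains": {"api.example.com": {
    "NSExceptionAllowsInsecureHTTPLoads": True,
    "NSIncludesSubdomains": True,
    "NSExceptionMinimumTLSVersion": "TLSv1.0"}}})
ATS_DEFAULT = make_plist(None)

if __name__ == "__main__":
    for name, data in [("disabled", ATS_DISABLED), ("exception", DOMAIN_EXCEPTION),
                       ("default", ATS_DEFAULT)]:
        print(name, audit_ats(data) or "no ATS exceptions declared")
```

An empty result means the plist declares no ATS exceptions; it does not by itself prove that every connection the app makes is encrypted, so traffic inspection is still needed to confirm behaviour.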

Another notable detail discovered by NowSecure experts is that DeepSeek’s data is sent to servers managed by the cloud computing and storage platform named Volcano Engine, developed by ByteDance, TikTok’s parent company.

NowSecure’s findings further heighten concerns about the safety of using the Chinese AI tool, DeepSeek.

Earlier this week, the Associated Press reported that it found DeepSeek’s website configured to send user login information to China Mobile, a telecommunications company owned by the Chinese government.

These concerns give governments in many countries, including the US, Australia, Italy, Belgium, and South Korea, additional reasons to prohibit government and military personnel from using DeepSeek.

Notably, both DeepSeek and the Beijing authorities have remained silent, offering no comments on the allegations of user information collection concerning this AI tool.

The surge in DeepSeek’s popularity and the accompanying concerns remind many of another popular Chinese app, TikTok. This social network has also been banned in several countries due to security and user data collection concerns.

Significantly, much like with TikTok, general users appear largely unconcerned about data safety issues when using DeepSeek.

Evidence shows that the AI tool’s website continues to see increasing traffic, making DeepSeek’s website the second most popular AI chatbot globally, behind only ChatGPT. The DeepSeek app also surpassed ChatGPT to become the most downloaded AI application on the App Store last month.
