Security flaws and privacy concerns affect the DeepSeek app for iOS.
Concerns are increasing about the lack of security and privacy controls of the DeepSeek AI chatbot developed in China.
DeepSeek, one of the standout apps in the App Store, presents serious security vulnerabilities, according to a report from NowSecure. This artificial intelligence chatbot, originating from China, launched last month and has garnered attention, but its data handling is concerning. The app transmits sensitive information over the Internet without encryption, exposing it to interception and manipulation. In addition, it uses the Triple DES encryption method, which is considered outdated and easily vulnerable, likening it to using an old, worn-out lock on your front door.
Another issue is that DeepSeek reuses duplicated encryption "keys," which is similar to using the same password for all accounts: if one is compromised, the rest are at risk. These encryption keys are hardcoded directly into the app, making them easy targets for cybercriminals, akin to hiding a house key under the doormat—an insecure strategy.
NowSecure has also detected that DeepSeek's data storage is inadequate, meaning that usernames, passwords, and encryption keys are stored without proper security measures. The app also collects information about the user and the device, which could facilitate tracking and de-anonymization. A relevant detail is that user data is sent to ByteDance servers, the company behind TikTok, which is currently facing difficulties in the United States due to a law requiring the sale of the app to a U.S. buyer.
Aware of these vulnerabilities, NowSecure recommends removing the DeepSeek app from managed environments and Bring Your Own Device (BYOD) settings, urging users to choose another artificial intelligence chatbot solution that prioritizes mobile app security and data protection.
This is not the first time concerns have arisen regarding DeepSeek. Microsoft, one of the leading investors in the OpenAI competitor, is investigating whether DeepSeek has employed unethical methods to train its reasoning models, which could be considered intellectual property theft. Additionally, there are concerns about potential censorship that the app may be promoting.
Given the number of controversies surrounding DeepSeek, removing the app from mobile devices may be the most prudent decision, especially when there are already other artificial intelligence chatbot alternatives available in the market.
