In a surprising turn of events, the DeepSeek app shot to the top of the App Store charts, surpassing even ChatGPT in downloads during its debut month. However, this success comes with a cloud of controversy as serious concerns over privacy and security have emerged. It has come to light that DeepSeek has been transmitting unencrypted data to Chinese servers, amplifying worries over its security vulnerabilities on the iOS platform.
DeepSeek presents significant security challenges by sending unencrypted data across the internet due to multiple flaws in its iOS application. These issues have not gone unnoticed, as US officials are now probing the potential national security threats posed by the app. There is alarm over how user data could be transferred to foreign servers without explicit consent, raising a red flag about privacy invasions.
The findings from NowSecure, a reputable mobile security firm, highlight some critical lapses in DeepSeek’s security measures. Alarmingly, the app does not employ Apple’s App Transport Security (ATS), an essential protocol designed to ensure that sensitive information is only transmitted through encrypted means. By disabling this protection, DeepSeek leaves user data dangerously exposed.
According to NowSecure, while individual data bits might appear insignificant, the collection of numerous data points over time can lead to user identities being uncovered. This is exemplified by a recent breach at Gravy Analytics, which demonstrated how data at scale could effectively de-anonymize countless individuals.
Moreover, DeepSeek’s reliance on outdated encryption technologies with compromised algorithms further endangers user information. The scope of data DeepSeek gathers could even pinpoint targets for espionage, putting users at risk of being profiled.
For instance, consider a user on the latest iPad connected via a cellular network registered to FirstNet, a US public safety broadband network. Such a user, by virtue of their profile, becomes an attractive espionage target.
With the ability to collect extensive data points from millions of apps, including DeepSeek, one can purchase and cross-reference this data to easily unmask users. This revelation casts the security practices of DeepSeek in a particularly negative light.
The detailed analysis of the report underscores that DeepSeek’s iOS app—and its Android counterpart—aren’t safe or secure. Before it can continue operations in the US and expand into other markets, DeepSeek must urgently address these security and privacy issues. Without swift action, the app risks facing severe consequences, similar to those encountered by TikTok, which has faced threats of bans and demands to be sold to a US company.
