Mobile security firm NowSecure has issued a stark warning about severe security vulnerabilities in the DeepSeek iOS mobile application, urging enterprises and government agencies to immediately discontinue its use. The comprehensive security assessment revealed multiple critical risks that could compromise sensitive user data and organizational security.
The identified vulnerabilities include unencrypted data transmission, which exposes user information to potential interception through Man-in-the-Middle attacks. Notably, the app transmits sensitive data to Volcengine, a cloud platform operated by ByteDance, raising significant concerns about data governance and potential unauthorized surveillance.
Cybersecurity experts found that the DeepSeek app circumvents fundamental iOS privacy protections: it bypasses Apple's App Transport Security (ATS) and lacks mandatory Privacy Manifests. These technical gaps substantially increase the risk of unauthorized tracking and data exposure.
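The two gaps named above can be checked statically in any iOS app package. The following is an added example, not code from NowSecure or from the article: it audits an IPA for ATS exceptions in the main Info.plist and for a missing app-level PrivacyInfo.xcprivacy file. The sample IPAs, bundle name and domain are constructed for illustration.

```python
import io
import plistlib
import re
import zipfile

# ATS Info.plist keys that weaken transport security when set to true.
GLOBAL_FLAGS = ("NSAllowsArbitraryLoads", "NSAllowsArbitraryLoadsInWebContent",
                "NSAllowsArbitraryLoadsForMedia")
WEAK_TLS = {"TLSv1.0", "TLSv1.1"}
MAIN_PLIST = re.compile(r"^Payload/[^/]+\.app/Info\.plist$")
MANIFEST = re.compile(r"^Payload/[^/]+\.app/PrivacyInfo\.xcprivacy$")

def audit_ats(info):
    """List ATS exceptions declared in a parsed Info.plist dictionary."""
    ats = info.get("NSAppTransportSecurity", {})
    findings = [f"global: {k} is enabled" for k in GLOBAL_FLAGS if ats.get(k) is True]
    for domain, rules in sorted(ats.get("NSExceptionDomains", {}).items()):
        if rules.get("NSExceptionAllowsInsecureHTTPLoads") is True:
            findings.append(f"{domain}: cleartext HTTP allowed")
        if rules.get("NSExceptionMinimumTLSVersion") in WEAK_TLS:
            findings.append(f"{domain}: minimum TLS below 1.2")
    return findings

def audit_ipa(ipa_bytes):
    """Audit an IPA (zip archive) for ATS exceptions and a privacy manifest."""
    with zipfile.ZipFile(io.BytesIO(ipa_bytes)) as ipa:
        names = ipa.namelist()
        plist_name = next((n for n in names if MAIN_PLIST.match(n)), None)
        if plist_name is None:
            return ["bundle: no main Info.plist found"]
        findings = audit_ats(plistlib.loads(ipa.read(plist_name)))
    if not any(MANIFEST.match(n) for n in names):  # app-level manifest only
        findings.append("bundle: no PrivacyInfo.xcprivacy privacy manifest")
    return findings

def build_sample_ipa(ats, with_manifest):
    """Build a constructed, in-memory IPA so the example runs offline."""
    info = {"CFBundleIdentifier": "com.example.sample", "NSAppTransportSecurity": ats}
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("Payload/Sample.app/Info.plist", plistlib.dumps(info))
        if with_manifest:
            z.writestr("Payload/Sample.app/PrivacyInfo.xcprivacy",
                       plistlib.dumps({"NSPrivacyTracking": False}))
    return buf.getvalue()

# Constructed samples: a weak configuration beside a corrected one.
WEAK_IPA = build_sample_ipa({"NSAllowsArbitraryLoads": True, "NSExceptionDomains": {
    "api.example.com": {"NSExceptionAllowsInsecureHTTPLoads": True,
                        "NSExceptionMinimumTLSVersion": "TLSv1.0"}}}, False)
HARDENED_IPA = build_sample_ipa({}, True)
```

A clean result here only means no exceptions are declared; it does not show what the app actually sends over the network, which still needs traffic inspection.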
The security assessment uncovered additional critical issues such as hardcoded encryption keys used with outdated algorithms and insecure storage of user credentials. These technical deficiencies create multiple potential entry points for malicious actors to access sensitive information.
The implications of these vulnerabilities extend beyond individual user privacy, potentially threatening intellectual property, corporate secrets, and national security infrastructure. The risks are particularly pronounced for high-sensitivity organizations, including government agencies and enterprises handling confidential information.
While NowSecure has not analyzed the Android version of the app, the organization recommends that high-risk organizations assume similar vulnerabilities exist across platforms. The research underscores the critical importance of rigorous mobile application security testing and continuous monitoring in an increasingly complex digital landscape.
Cybersecurity professionals recommend organizations immediately assess their mobile application ecosystem, implement robust security testing protocols, and consider alternative AI solutions with stronger security frameworks. The rapid evolution of mobile technology demands constant vigilance and proactive security measures to mitigate potential risks.


