
A recent security audit has revealed alarming vulnerabilities in the DeepSeek iOS app, a rising AI-powered application, which has been found transmitting sensitive user data unencrypted over the internet. Cybersecurity experts have warned that this practice exposes users to potential cyber threats, including data interception, unauthorized access, and manipulation. The findings, disclosed by mobile security firm NowSecure, highlight critical security flaws that could put millions of users at risk.
As DeepSeek continues to gain global popularity, concerns are mounting over its security practices, particularly given its links to Chinese tech conglomerate ByteDance. Governments and security experts worldwide are now calling for stricter regulations and even potential bans to mitigate the risks associated with this application.
Unencrypted Data Transmission Poses Major Risk
According to the analysis conducted by NowSecure, the DeepSeek iOS app transmits sensitive user information—including device identifiers and other personal data—over unsecured channels. This means that any attacker with network access can intercept this data, potentially leading to identity theft, unauthorized surveillance, or other forms of cyber exploitation.
One of the most significant issues uncovered in the audit is the app’s failure to enforce encryption best practices. While most modern apps use secure cryptographic methods to protect user data, DeepSeek relies on outdated encryption mechanisms such as Triple Data Encryption Standard (3DES), which has long been deemed insufficient against modern cyber threats. Additionally, researchers found that the app uses hardcoded encryption keys and reused initialization vectors (IVs), further compromising the integrity of the encrypted data.
Perhaps most concerning is that App Transport Security (ATS), a default security feature in iOS designed to enforce secure HTTPS connections, is globally disabled in the DeepSeek app. This effectively allows unencrypted data transmissions, making it easier for attackers to exploit vulnerabilities and intercept user data.
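A defender-side check for the ATS setting described above, as an added example that is not taken from the NowSecure report or from the app: it audits an app's Info.plist for a global ATS opt-out and for narrower exceptions. The sample plists, bundle identifiers and domain are constructed for illustration.

```python
import plistlib

# Keys whose mere presence makes iOS 10+ ignore NSAllowsArbitraryLoads.
OVERRIDING_KEYS = (
    "NSAllowsArbitraryLoadsForMedia",
    "NSAllowsArbitraryLoadsInWebContent",
    "NSAllowsLocalNetworking",
)

def audit_ats(plist_bytes):
    """Return (severity, message) findings for the ATS block of an Info.plist."""
    ats = plistlib.loads(plist_bytes).get("NSAppTransportSecurity")
    if not isinstance(ats, dict):
        return []  # key absent: ATS defaults apply and HTTPS is required
    findings = []
    if ats.get("NSAllowsArbitraryLoads") is True:
        overridden = [k for k in OVERRIDING_KEYS if k in ats]
        if overridden:
            findings.append(("medium", "NSAllowsArbitraryLoads ignored on iOS 10+ because of "
                             + ", ".join(overridden)))
        else:
            findings.append(("high", "ATS globally disabled (NSAllowsArbitraryLoads = true)"))
    for key in OVERRIDING_KEYS[:2]:  # scoped opt-outs for media and web views
        if ats.get(key) is True:
            findings.append(("medium", f"{key} = true"))
    domains = ats.get("NSExceptionDomains")
    for domain, cfg in sorted(domains.items()) if isinstance(domains, dict) else []:
        if not isinstance(cfg, dict):
            continue
        if cfg.get("NSExceptionAllowsInsecureHTTPLoads") is True:
            scope = " and subdomains" if cfg.get("NSIncludesSubdomains") else ""
            findings.append(("medium", f"cleartext HTTP allowed for {domain}{scope}"))
        if cfg.get("NSExceptionMinimumTLSVersion") in ("TLSv1.0", "TLSv1.1"):
            findings.append(("medium", f"{domain} accepts {cfg['NSExceptionMinimumTLSVersion']}"))
    return findings

# Constructed sample inputs (not extracted from any real app).
SAMPLE_GLOBAL_OFF = plistlib.dumps({
    "CFBundleIdentifier": "com.example.globaloff",
    "NSAppTransportSecurity": {"NSAllowsArbitraryLoads": True}})
SAMPLE_SCOPED = plistlib.dumps({
    "CFBundleIdentifier": "com.example.scoped",
    "NSAppTransportSecurity": {
        "NSAllowsArbitraryLoads": True,
        "NSAllowsArbitraryLoadsInWebContent": True,
        "NSExceptionDomains": {"legacy.example.com": {
            "NSExceptionAllowsInsecureHTTPLoads": True, "NSIncludesSubdomains": True,
            "NSExceptionMinimumTLSVersion": "TLSv1.0"}}}})

if __name__ == "__main__":
    for name, sample in (("global-off", SAMPLE_GLOBAL_OFF), ("scoped", SAMPLE_SCOPED)):
        print(name, audit_ats(sample))
```

A clean result only says the plist declares no exceptions; it does not show that the app's own payload encryption is sound.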
Ties to ByteDance and Data Transmission to Chinese Servers
Further investigations into DeepSeek’s data handling practices revealed that the app transmits the unencrypted data to servers managed by Volcano Engine, a cloud service provider owned by ByteDance—the same company behind TikTok. ByteDance’s ties to the Chinese government have led to growing concerns among security researchers and policymakers about the potential for user data being accessed or manipulated by Beijing.
The transmission of sensitive data to overseas servers has raised red flags, particularly given that China’s data regulations grant the government extensive access to data stored within its jurisdiction. This has led cybersecurity experts to warn that DeepSeek could be exploited for espionage, mass data collection, and user tracking, particularly in countries where the app has gained a significant user base.
Government Bans and Regulatory Crackdowns
The revelations about DeepSeek’s security flaws and data transmission practices come at a time when governments across the world are taking a more aggressive stance on foreign-owned applications with potential security risks.
Several countries—including Australia, Italy, the Netherlands, Taiwan, and South Korea—have already taken action to ban DeepSeek from government-issued devices, citing national security concerns. In India, where concerns over Chinese apps remain high following previous bans on platforms like TikTok and WeChat, authorities are reportedly monitoring DeepSeek’s activities closely to determine whether additional restrictions are necessary.
In the United States, multiple government agencies—including NASA, the Pentagon, the U.S. Navy, and the state of Texas—have implemented similar bans, preventing government employees from installing or using DeepSeek on official devices. Congressional lawmakers are now pushing for a nationwide ban on the app’s use within federal institutions, arguing that allowing it on government networks could expose sensitive data to foreign surveillance.
Senator Marco Rubio, a long-time critic of Chinese tech influence, has called for a complete review of DeepSeek’s security practices and its potential risks to U.S. cybersecurity. “We cannot allow adversarial nations to gain unfettered access to Americans’ data,” he stated in a recent hearing on cybersecurity threats posed by foreign applications.
DeepSeek’s Rapid Growth and the Implications for Users
Despite these growing concerns, DeepSeek has rapidly become one of the most downloaded AI-powered applications worldwide, topping charts on both iOS and Android app stores. Users have been drawn to its powerful AI capabilities, but many remain unaware of the security risks associated with the app’s data transmission practices.
Cybersecurity experts are advising users to exercise extreme caution before using DeepSeek, particularly given its history of poor security implementation. Experts recommend avoiding the app on work devices, restricting permissions, and using a VPN to mitigate potential risks. Additionally, privacy-focused users are encouraged to explore alternative AI applications that adhere to stricter security standards.
With cyber threats evolving rapidly and governments tightening their scrutiny on foreign applications, DeepSeek’s future remains uncertain. If security improvements are not made, the app could face further bans, regulatory scrutiny, and a loss of user trust.
Conclusion
The security vulnerabilities discovered in the DeepSeek iOS app highlight the growing risks associated with data privacy and foreign-controlled applications. The app’s failure to encrypt user data, reliance on outdated security practices, and transmission of information to servers linked to ByteDance have raised serious concerns about potential exploitation.
As governments worldwide react to these revelations, users must stay informed and make conscious decisions about the apps they install. With cybersecurity threats becoming increasingly sophisticated, ensuring that personal data remains protected should be a top priority for both individuals and organizations alike.
While DeepSeek’s developers have yet to issue a formal response addressing these security concerns, the pressure to remediate the vulnerabilities and restore user trust is mounting. The question remains: Will DeepSeek take immediate action to secure its platform, or will it face the same fate as TikTok in several countries?