2025-02-07
The DeepSeek iOS app, once a chart-topping sensation on the App Store, has now come under scrutiny for multiple critical security vulnerabilities. The latest findings reveal flaws far more severe than its initial security failure, which exposed chat history and other sensitive information in an unprotected database. As the app’s popularity soars, concerns surrounding its security and potential privacy violations continue to grow.
Security Flaws in DeepSeek
The app’s popularity skyrocketed after its release, offering AI capabilities that stunned the tech world. However, its sudden rise also drew attention to its potential security risks. Privacy regulators in Italy, Ireland, and the U.S. have raised questions regarding DeepSeek’s compliance with privacy laws and its national security implications.
The most recent investigation by mobile security firm NowSecure uncovered multiple critical flaws in the app’s security. One of the most concerning issues is the app’s decision to disable Apple’s App Transport Security (ATS), the platform control that requires an app’s network connections to use HTTPS with modern TLS rather than plaintext HTTP. By turning ATS off, the app permits unencrypted connections, exposing the data sent over them to interception and theft.
Furthermore, the app employs outdated encryption methods, including the 3DES algorithm, which is considered broken and vulnerable. This leaves users’ data at risk of being intercepted and exposed. In certain cases, such as with high-value targets like public safety professionals, the data could even be leveraged for espionage purposes.
Although the security risks identified are alarming, NowSecure’s analysis indicates that the Android version of DeepSeek is even less secure than its iOS counterpart. Security experts urge users to avoid using the app for any personal or sensitive activities, as its vulnerabilities pose serious threats to privacy and data protection.
What Undercode Says:
DeepSeek’s rise to prominence within the App Store has been nothing short of meteoric. But its rapid ascent has been overshadowed by a series of concerning security lapses that demand serious attention. When an app attracts millions of users, especially one with AI capabilities, it’s inevitable that security experts will dive into its architecture. What they’ve found is far from reassuring.
The first red flag came early, when researchers discovered that DeepSeek’s developers had neglected to properly secure a massive database containing sensitive user data. In this instance, the database was left exposed without any authentication, providing easy access to private chat logs and even secret keys. While this was a major breach, it wasn’t the last.
NowSecure’s recent findings add to the growing list of security vulnerabilities. Disabling App Transport Security (ATS) on iOS is a significant mistake. ATS is a crucial platform control: by default it requires every connection an app makes to use HTTPS with TLS 1.2 or later, so that data cannot be read or altered in transit. By turning it off, DeepSeek removes that guarantee for all of its traffic, and anyone positioned on the network path can read personal data that the app sends over plain HTTP. This puts user privacy at significant risk, especially considering the scale at which DeepSeek operates.
The issue doesn’t stop at transport security. The app also employs 3DES, an outdated cipher with known weaknesses that is no longer recommended for new designs. This makes it even easier for attackers to recover data if they manage to intercept it. Even though the app may not be sending highly sensitive data in every instance, the aggregation of seemingly innocuous data points can still be enough to track and identify users, compromising their anonymity.
One of the more alarming aspects of the report involves the possibility of DeepSeek’s data being used for espionage. The app collects a wide array of data points, which when combined with data from other sources, can lead to the identification of high-value targets. For instance, the app may collect data from users who are connected to FirstNet, a broadband network for public safety workers. These users are particularly vulnerable, as their data could be used to target them for surveillance or other malicious activities.
Moreover, as data collection scales, the potential for de-anonymizing users increases dramatically. With DeepSeek’s current security architecture, this aggregation of personal data can easily lead to a breach of privacy. Similar risks have been observed in past incidents, such as the Gravy Analytics breach, where seemingly harmless data was used to de-anonymize millions of individuals.
The Android version of DeepSeek, according to reports, is even worse in terms of security. Given the app’s expanding user base and the increasing concerns over its vulnerabilities, it’s likely that more security issues will surface as researchers continue to analyze the app’s structure.
From a broader perspective, the DeepSeek case highlights the challenges of balancing innovation and security in today’s app ecosystem. While the app is undeniably impressive in terms of its AI capabilities, its security architecture is fundamentally flawed. The growing number of security breaches in consumer-facing apps is a reminder of how important it is for companies to prioritize robust security measures from the very start of development, not just after vulnerabilities are discovered.
As the app landscape continues to evolve, it’s crucial for users to remain vigilant and cautious, especially when using apps that handle sensitive personal information. Even the most popular apps can turn out to have serious flaws, and as in this case, these flaws can have far-reaching consequences.
Until DeepSeek addresses these vulnerabilities, it’s advisable for users to refrain from sharing any personal or sensitive data through the app. Only time will tell whether the developers will take the necessary steps to secure their users’ data, but for now, DeepSeek remains a high-risk app that should be approached with caution.
References:
Reported By: https://9to5mac.com/2025/02/07/multiple-security-flaws-found-in-deepseek-ios-app-including-sending-unencrypted-data/