DeepSeek, a new mobile app from a Chinese AI company, has rapidly gained popularity since its launch on January 25, 2025, becoming the third most downloaded free app on Apple’s App Store and the top free app on Google Play. However, security and privacy concerns have been raised, particularly by NowSecure, a Chicago-based organization that assesses mobile app vulnerabilities.
NowSecure founder Andrew Hoog expressed serious reservations about the app’s design, stating that it collects extensive data from users’ devices, including advanced device fingerprints and device names. This information could be used to identify users when combined with other data. The app reportedly communicates with Volcengine, a cloud service linked to ByteDance, and sends device information unencrypted, which exposes it to interception.
Moreover, DeepSeek has disabled key iOS protections like App Transport Security, allowing sensitive data to be sent over unencrypted channels. The app uses an outdated encryption method (3DES) with hard-coded keys, further compromising security. Hoog indicated that these issues suggest security and privacy were not prioritized, which could jeopardize businesses that use the app.
The security risks have led to warnings from U.S. Congressional offices and bans on DeepSeek by several entities, including the Pentagon, NASA, and the U.S. Navy. Additional reports have emerged about a database linked to DeepSeek that unintentionally exposed a significant amount of sensitive information.
KrebsOnSecurity has sought comments from DeepSeek and Apple regarding these concerns, and the situation continues to evolve.