The DeepSeek app, a rising star in the AI landscape, has come under fire for transmitting sensitive user data without encryption. This alarming revelation raises significant concerns about user privacy and data security, particularly given the app's connections to ByteDance, the parent company of TikTok.

Key Takeaways

• DeepSeek's iOS app sends sensitive data unencrypted to ByteDance-controlled servers.

• The app disables Apple's App Transport Security (ATS), which is designed to protect user data.

• Security firm NowSecure has identified multiple vulnerabilities in the app, urging users to uninstall it immediately.

Overview of DeepSeek

DeepSeek, a generative AI application similar to ChatGPT, quickly gained popularity after its launch in January 2025, topping the App Store charts. However, its rapid rise has been overshadowed by serious security flaws that have come to light following an investigation by NowSecure, a mobile security firm.

Security Flaws Identified

The investigation revealed several critical issues:

1. Unencrypted Data Transmission: The app transmits sensitive user data over unencrypted channels, making it vulnerable to interception by malicious actors.

2. Disabled ATS: DeepSeek has disabled Apple's App Transport Security, which is intended to enforce encryption for data sent over the internet.

3. Insecure Data Storage: User data is stored in an insecure manner, further increasing the risk of unauthorized access.

4. Use of Deprecated Encryption: The app employs 3DES encryption, a method that has been deprecated due to its vulnerability to attacks.

Data Sent to ByteDance Servers

The data collected by DeepSeek includes basic device information such as:

• Organization ID

• OS version

• Language settings

• User agent

This data is sent to servers controlled by ByteDance, where it can be decrypted and potentially cross-referenced with other user data, raising concerns about user tracking and privacy violations.

Implications for Users

Given the app's security vulnerabilities, experts recommend that users uninstall DeepSeek immediately. The risks associated with using the app include:

• Exposure of sensitive personal information.

• Potential tracking of user behavior by third parties.

• Legal implications due to data storage practices in China, where ByteDance is based.

The DeepSeek app's failure to secure user data highlights the ongoing challenges in the tech industry regarding privacy and security. As users increasingly rely on AI applications, it is crucial for developers to prioritize data protection and adhere to best practices in security. Users are advised to remain vigilant and consider alternative solutions that prioritize their privacy and data security.

Cybersecurity is more crucial than ever. At BetterWorld Technology, we provide advanced solutions to tackle emerging threats while fostering innovation. Secure your business with confidence—contact us today for a consultation.

Sources

• One moment, please..., CybersecurityNews.

• DeepSeek's iOS app sends unencrypted data to ByteDance-controlled servers - GIGAZINE, GIGAZINE.

• DeepSeek iOS app sends data unencrypted to ByteDance-controlled servers - Ars Technica, Ars Technica.

• DeepSeek's iOS app sends unencrypted data to Chinese servers, AppleInsider.

• One moment, please..., GBHackers News.