DeepSeek, a brand-new Chinese generative AI app, rocketed to the top of the App Store charts just days after its introduction in January. Despite its expanding popularity, substantial questions have been raised concerning its security and privacy policies.
Research by NowSecure, a Chicago-based mobile security firm, revealed severe weaknesses in DeepSeek’s iOS app. According to its findings, the app captures and transfers an alarming quantity of iPhone user data directly to servers in China.
NowSecure also discovered that DeepSeek is using old encryption methods, especially 3DES (Triple DES), which was formally deprecated in 2016 owing to security vulnerabilities. Even when encryption is employed, it does not meet modern standards, making it significantly easier for malicious actors to exploit personal data.
Apple’s App Transport Security (ATS) enforces encrypted data transmission for iOS apps, ensuring that user data is secure. However, NowSecure determined that DeepSeek had intentionally deactivated ATS in its software.
This means that rather than safeguarding user data, the software sends it across unprotected channels, leaving it vulnerable to interception. DeepSeek AI is powered by a Huawei chip and does not rely on technologies from outside China.
While some of the collected data may appear harmless on its own, security experts warn that attackers can use it to de-anonymise individuals. The report states that merging many data points over time makes it simple to identify individuals.
In an era when data privacy is more critical than ever, utilizing an app that intentionally circumvents security protections and transmits sensitive data unencrypted is a major red flag. Even if you trust an AI chatbot, never reveal personal information, as it might be used to identify you.