Excerpt from The Register Article, Published on Feb 10, 2025.
DeepSeek, the third most popular iOS app on the App Store, has sparked significant concern following security assessments by NowSecure, a mobile infosec platform. Researchers revealed that the app transmits sensitive data in plaintext, uses outdated encryption ciphers, and embeds hardcoded keys. Moreover, it fails to store user credentials securely, extensively fingerprints users, and sends data to servers in China. These glaring vulnerabilities raise red flags for both individual users and organizations using the app on iPhones.
Further investigation revealed that DeepSeek operates on ByteDance’s Volcano Engine cloud service. ByteDance, the parent company of TikTok, has faced persistent scrutiny over alleged ties to the Chinese government. Despite DeepSeek openly acknowledging in its privacy policy that it shares user data with Chinese entities, concerns have deepened due to its potential to relay information to China Mobile, a state-controlled telecom firm under US sanctions. This discovery prompted US lawmakers Josh Gottheimer (D-NJ) and Darin LaHood (R-IL) to introduce the “No DeepSeek on Government Devices Act.” Although the bill’s text is pending release, its intent is to safeguard national security by restricting DeepSeek’s use on official devices.
The situation underscores escalating privacy risks posed by apps with potential links to TikTok and other Chinese platforms. Privacy advocates urge users to delete the DeepSeek iOS app immediately, particularly from company-issued devices, as a precautionary measure. Experts suggest turning to local AI models that process data securely without transmitting information to external servers. As concerns mount over data security and potential surveillance risks, this development serves as a stark reminder of the importance of careful app scrutiny, particularly in an era where iOS apps and TikTok-linked technologies continue to stir global debates on privacy and digital trust.
To delve deeper into this topic, please read the full article The Register.
