It’s one of the biggest apps in the App Store. However, it looks like DeepSeek is also riddled with security flaws.
According to NowSecure, the China-based AI chatbot has significant data security and storage flaws. The app, which launched to considerable attention last month, reportedly transmits sensitive data over the internet without encryption, making it vulnerable to interception and manipulation.
DeepSeek relies on an outdated and easily compromised encryption method known as Triple DES. You can think of it as using an old, rusty lock on your front door.
Additionally, it reuses the same “keys” for encryption, which is akin to using the same password for all your accounts—if one is stolen, all your information can be accessed. Moreover, the encryption keys are embedded directly within the app, making them easy targets for hackers. This is similar to hiding your house key under the doormat—not very secure.
NowSecure has also found that DeepSeek’s data storage is insecure. This means usernames, passwords, and encryption keys are stored insecurely. The app also collects user and device data, which can be used for tracking and de-anonymization.
It has come to light that user data from DeepSeek is sent to servers owned by ByteDance, the company that operates TikTok. It’s important to remember that TikTok is currently facing significant challenges in the U.S., where a law has been enacted requiring the app to be sold to an American buyer.
NowSecure, which specializes in mobile app security, is clear with its suggested remedy. It suggests deleting the DeepSeek iOS app in managed and BYOD environments. It also suggests finding another AI chatbot solution, one that prioritizes mobile app security and data protection.
This isn’t the first time someone has expressed concerns about DeepSeek. For example, Microsoft, a primary investor in competitor OpenAI, is exploring whether DeepSeek has used nefarious methods to train its reasoning models. Doing so would be considered stealing intellectual property from the U.S.
Still, others are worried that DeepSeek is embracing censorship.
Should you delete DeepSeek from your mobile device? Given the many controversies surrounding the product, it seems that might be the wisest move to make. It’s not like there aren’t other AI chatbots already on the market, including the newest one, Le Chat.