Multiple security flaws have been found in the DeepSeek iOS app, which is still one of the most popular downloads in the App Store after topping the charts when it first launched.The latest findings are far worse than the previous security failure which exposed chat history and other sensitive information in a database requiring no authentication … Previous concerns about DeepSeek While we’d mentioned it before it made headlines, for most people DeepSeek came out of nowhere and overnight became the most downloaded iPhone app.AI researchers were shocked at the capabilities of an app which had dramatically lower hardware requirements than chatbots of similar power, and the news sent the share price of a number of US AI companies tumbling.
It wasn’t long, however, before security and privacy concerns were raised.Italy’s privacy watchdog questioned whether the app was compliant with European privacy law, with Ireland asking similar questions.US officials are also investigating potential national security implications.
It was then discovered that the company inadvertently failed to secure a database containing more than a million lines of log entries, including chat history and secret keys.Multiple security flaws found in DeepSeek iOS app Mobile security company NowSecure has found multiple security flaws in the iPhone app – including a failure to use Apple’s built-in App Transport Security (ATS) system.ATS is designed to ensure that sensitive personal data is only sent over encrypted channels, but NowSecure found that DeepSeek had switched this off.
The company says that while the data exposed might seem innocuous, it can easily be combined to de-anonymize users.Where data is encrypted, the company is using an outdated encryption method which is known to be flawed.Additionally, data collected by the app could be used to identity potential espionage targets.
The lengthy analysis concludes that the DeepSeek iOS app is not safe to use, and notes that the Android version is even less secure.9to5Mac’s Take While the DeepSeek app is technically impressive, and it’s been interesting to test its capabilities, we’d caution against anyone using it for real-life tasks that involve any disclosure of personal data.You should assume that DeepSeek can identify you and see the content of your interactions.
We’re still at a relatively early stage of security researchers examining the app, so it’s probable that additional security and privacy issues will be revealed.Personally, I’ve now removed it from my iPhone and would advise others to do the same. You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day.
Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop.Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel
