Multiple Security and Privacy Flaws Found in DeepSeek iOS App

Summary: A recent security assessment by NowSecure has revealed significant vulnerabilities in the DeepSeek iOS app, which has rapidly gained popularity. Concerns over its unencrypted data transmission, insecure storage, and Chinese data governance practices have led several governments to ban it. Organizations are urged to stop using the app immediately to protect sensitive data and comply with regulations.

Affected: DeepSeek iOS app, governments, enterprises

Keypoints:

  • Unencrypted data transmission exposes sensitive user data to interception.
  • Weak encryption practices, including the use of hardcoded keys and outdated algorithms, jeopardize data confidentiality.
  • User data stored insecurely increases the risk of credential theft and misuse.
  • Aggressive data collection practices pose privacy risks and enable potential surveillance.
  • Data routed to ByteDance servers in China raises regulatory and compliance issues.
  • Immediate removal of the app is recommended to mitigate the associated risks.
  • Organizations are encouraged to seek alternative apps that comply with mobile security standards.

Source: https://securityonline.info/multiple-security-and-privacy-flaws-found-in-deepseek-ios-app/