Experts Flag Security, Privacy Risks in DeepSeek A.I. App for iOS ⇥ nowsecure.com

Andrew Hoog of NowSecure:

NowSecure has conducted a comprehensive security and privacy assessment of the DeepSeek iOS mobile app, uncovering multiple critical vulnerabilities that put individuals, enterprises, and government agencies at risk. These findings highlight the immediate need for organizations to prohibit the app’s use to safeguard sensitive data and mitigate potential cyber risks.

NowSecure’s most pressing concerns have little to do with the app’s country of origin, and a lot more to do with basic things like HTTP requests:

The DeepSeek iOS app globally disables App Transport Security (ATS) which is an iOS platform level protection that prevents sensitive data from being sent over unencrypted channels. Since this protection is disabled, the app can (and does) send unencrypted data over internet.

Brian Krebs:

Beyond security concerns tied to the DeepSeek iOS app, there are indications the Chinese AI company may be playing fast and loose with the data that it collects from and about users. On January 29, researchers at Wiz said they discovered a publicly accessible database linked to DeepSeek that exposed “a significant volume of chat history, backend data and sensitive information, including log streams, API secrets, and operational details.”

Painfully sloppy work.