DeepSeek’s iOS app found to be transmitting sensitive data to China

Chinese generative AI application DeepSeek soared the App Store charts within a few days of launching this January. Similar to OpenAI’s ChatGPT, it provides services at a fraction of the cost. That was despite the discovery that DeepSeek’s iOS application is transmitting sensitive user data to China.

DeepSeek’s iOS app is collecting and transmitting extensive data to China unencrypted

Chicago-based NowSecure mobile security firm claims that DeepSeek’s iOS application has severe security and privacy flaws. DeepSeek’s iOS app collects and transmits sensitive user data to China without any encryption. Furthermore, the app collects extensive device data and sends it to servers owned by China.

Furthermore, the report claims that DeepSeek AI does not equip or is unwilling to provide basic security protection for user data and identity in its iOS app. NowSecure also mentioned that while DeepSeek does use encryption, it is using 3DES encryption. In 2016, experts deprecated this type of symmetric encryption due to security concerns.

DeepSeek’s iOS app disables Apple’s App Transport Security protocol

According to the report, DeepSeek’s iOS application also disables Apple’s App Transport Security protocol, which would enforce encryption of data. For those unaware, Apple implemented ATS to ensure that sensitive user data goes only over encrypted channels. In its report, NowSecure has found that DeepSeek has turned the feature off in its iOS app. Since DeepSeek has disabled the protection, it sends unencrypted data over the internet to China.

The report also mentions that while the exposed sensitive data might seem harmless, attackers can manipulate it to de-anonymize the app’s users. “While none of this data taken separately is highly risky, the aggregation of many data points over time quickly leads to easily identifying individuals. The recent data breach at Gravy Analytics demonstrates that companies are actively collecting this data at scale and can effectively de-anonymize millions of individuals”, mentions the report.

In its complete analysis, NowSecure has found that DeepSeek’s iOS application is not safe or secure to use. Furthermore, the report claims that the generative AI app’s Android counterpart is equally or even slightly worse. DeepSeek needs to address a handful of security and privacy flaws in its apps if it wants to continue operating in the US or other countries.

If it fails to do so, authorities could completely ban it in the US. Notably, Texas and multiple other states have already banned DeepSeek AI. Hundreds of companies across the globe also prohibit its use.

The post DeepSeek’s iOS app found to be transmitting sensitive data to China appeared first on Android Headlines.