2 months ago
31
- Published on February 10, 2025
- In AI News
The security assessment by NowSecure highlights glaring weaknesses in the app's security standards for iOS users.
Illustration by Supreeth Koundinya
DeepSeek has grabbed the spotlight in the AI industry as the underdog that briefly became the world’s leading app, overtaking ChatGPT AI assistant. While many see it as the Robinhood of AI, not all things are pretty about it.
A report by NowSecure, a mobile security company, highlights a big privacy risk in using DeepSeek’s iOS app, hinting that the Android app is no better.
DeepSeek Clueless About Latest Security Standards
The security assessment by NowSecure highlights glaring weaknesses in the app’s security standards for iOS users.
To start with, DeepSeek’s AI assistant app does not enforce the ATS (app transport security), a security feature provided by Apple to prevent insecure communications globally, for unknown reasons.
Next, the app does not encrypt the data sent to the servers controlled by ByteDance, TikTok’s parent company. While the information does not involve personal data, an unencrypted channel can open up opportunities for a hacker.
The report states, “The DeepSeek iOS app sends some mobile app registration and device data over the internet without encryption. This exposes any data in the internet traffic to both passive and active attacks.”
Andrew Hoog, the founder of NowSend, mentions more about it in the report, “An attacker with privileged access on the network (known as a Man-in-the-Middle attack) could also intercept and modify the data, impacting the integrity of the app and data.”
Moreover, the encryption utilises the 3DES algorithm, which is now considered an insecure form of encryption.
Organisations Advised to Stop Using DeepSeek
Considering the privacy and security risks associated with the DeepSeek iOS app, the report recommends not using it in your organisation until things are fixed and better standards are in place.
As an alternative, some organisations can try self-hosting DeepSeek or using cloud services like the Azure platform to continue using it securely.
Ankush Das
I am a tech aficionado and a computer science graduate with a keen interest in AI, Open Source, and Cybersecurity.
Association of Data Scientists
GenAI Corporate Training Programs
India's Biggest Women in Tech Summit
Mar 20 and 21, 2025 | 📍 J N Tata Auditorium, Bengaluru
Download the easiest way to
stay informed
Subscribe to The Belamy: Our Weekly Newsletter
Biggest AI stories, delivered to your inbox every week.
Rising 2025 | DE&I in Tech & AI
Mar 20 and 21, 2025 | 📍 J N Tata Auditorium, Bengaluru
AI Startups Conference.
April 25, 2025 | 📍 Hotel Radisson Blue, Bangalore, India
Data Engineering Summit 2025
15-16 May, 2025 | 📍 Taj Yeshwantpur, Bengaluru, India
MachineCon GCC Summit 2025
19-20th June 2025 | 📍 ITC Grand, Goa
17-19 September, 2025 | 📍KTPO, Whitefield, Bangalore, India
India's Biggest Developers Summit Nimhans Convention Center, Bangalore
Our Discord Community for AI Ecosystem.
