NowSecure Reveals Critical Security Vulnerabilities in DeepSeek iOS Mobile App

Mobile security researchers at NowSecure have identified significant security and privacy vulnerabilities in the DeepSeek iOS mobile app, urging enterprises and government agencies to immediately discontinue its use. The top-ranked AI mobile application, which has already faced bans from multiple federal agencies and military organizations, presents substantial risks to user data and organizational security.

The security assessment revealed multiple critical vulnerabilities that could potentially compromise sensitive information. Unencrypted data transmission, hardcoded encryption keys, and insecure credential storage represent serious security gaps that could enable unauthorized data access and manipulation. The app's transmission of data to Volcengine, a cloud platform operated by ByteDance, further raises concerns about potential warrantless surveillance and data governance under Chinese jurisdiction.

Particularly alarming is the app's ability to bypass Apple's built-in security features, including App Transport Security (ATS), and its lack of mandatory Privacy Manifests. These shortcomings increase exposure to tracking and potential data interception, presenting significant risks for enterprises handling sensitive intellectual property and corporate information.

The potential implications extend beyond individual user privacy, threatening national security and corporate confidentiality. Organizations using the DeepSeek iOS app risk exposing critical data to unauthorized third-party access, potentially compromising strategic information and operational integrity.

While NowSecure has not analyzed the Android version of the app, the organization recommends that high-risk organizations assume similar vulnerabilities exist. The research suggests immediate steps including discontinuing app usage, assessing alternative AI solutions, and implementing continuous mobile application security monitoring.

These findings underscore the critical importance of rigorous mobile application security testing in an increasingly digital landscape. As artificial intelligence and mobile technologies continue to evolve rapidly, organizations must remain vigilant about potential security risks embedded within seemingly innocuous applications.