The DeepSeek iOS app, a highly popular AI assistant recently crowned the top iOS app after its January 25 release, has been discovered to transmit sensitive user data to ByteDance servers without encryption.
The security flaws, uncovered by mobile app security firm NowSecure, have prompted swift reactions from governments, enterprises, and cybersecurity experts worldwide.
The findings paint a sobering picture of the app’s vulnerabilities and its risk to users’ sensitive information.
NowSecure’s comprehensive assessment of the DeepSeek iOS app has exposed alarming security issues affecting millions of users worldwide, including individuals, enterprise employees, and government officials.
Despite its meteoric rise in popularity, the app harbors critical vulnerabilities that make it a significant threat to data privacy.
Key Findings:
One of the report’s most alarming revelations is the direct transmission of user data to ByteDance servers, facilitated through ByteDance’s Volcengine cloud service.
ByteDance’s connection to the Chinese government and its legal obligations under PRC surveillance laws have heightened fears of state-driven data access and surveillance.
While ByteDance has repeatedly denied allegations of data sharing with the Chinese government, regulatory agencies and governments remain deeply wary.
The DeepSeek app’s practices may further fuel geopolitical tensions in the realm of digital data privacy.
The fallout has been swift and sweeping. Several governments and organizations, including the U.S. military and state agencies, have issued immediate bans on the app to safeguard national security.
Enterprises have taken similar actions, prohibiting its use in managed and Bring Your Own Device (BYOD) environments.
For affected users, uninstalling the app and resetting credentials used within it are necessary first steps to protect personal and organizational data.
The revelations have also reignited debate around app store accountability. While Apple enforces strict app review policies, critics argue that security flaws like those in DeepSeek highlight the limitations of existing safeguards.
“Apple and Google must step up their app vetting processes to prevent apps with severe security risks from reaching consumers,” cybersecurity expert Dr. Amelia Jensen said.
“Mobile apps are an unprotected attack surface, and as DeepSeek shows, even widely popular apps can be compromised.”
The DeepSeek debacle underscores the urgent need for stricter data privacy measures, secure app design, and vigilant oversight in the digital age.
As more organizations ban the app, its vulnerabilities serve as a stark warning about the high stakes of mobile app security in a globally interconnected network.