DeepSeek App Transmits Sensitive User and Device Data Without Encryption
Briefly

A recent audit revealed significant security flaws in DeepSeek's iOS app, chiefly the unencrypted transmission of sensitive data, which increases its exposure to interception attacks. The assessment, conducted by NowSecure, also highlighted the use of insecure encryption algorithms and the disabling of App Transport Security (ATS). Additionally, the collected data is sent to servers managed by ByteDance's Volcano Engine. Concerns about DeepSeek's chatbot service are escalating as cybersecurity firms link it to potential threat actor activities, including information theft and spam generation.
The DeepSeek iOS app sends some mobile app registration and device data over the Internet without encryption, which exposes any data carried in that traffic.
The DeepSeek iOS app globally disables App Transport Security (ATS), an iOS platform-level protection that prevents sensitive data from being sent over unencrypted channels.
Read at The Hacker News