NowSecure Identifies Critical Security Vulnerabilities in DeepSeek iOS App

By Trinzik

TL;DR

The DeepSeek iOS app's security flaws create opportunities for alternative AI solutions to gain market share.

NowSecure identified critical security vulnerabilities in the DeepSeek iOS app, including unencrypted data transmission and hardcoded encryption keys.

Ceasing use of the DeepSeek iOS app is vital to protect intellectual property, corporate secrets, and national security, making the world safer.

The DeepSeek iOS app's security issues highlight the importance of continuous mobile app security monitoring and risk assessment.


NowSecure, a leader in mobile app security and privacy research, has identified multiple critical security and privacy vulnerabilities in the DeepSeek iOS app, the top-ranked AI mobile application since late January 2025. These security flaws present substantial risks to enterprises, government agencies, and millions of users, potentially compromising intellectual property, corporate secrets, and national security. The assessment uncovered several alarming vulnerabilities, including unencrypted data transmission that exposes sensitive information to interception via man-in-the-middle attacks, hardcoded encryption keys using outdated algorithms, and insecure storage of credentials that leaves usernames and passwords susceptible to unauthorized access.

The security concerns extend to the app's data transmission practices: the app sends information to Volcengine, a cloud platform operated by ByteDance, raising significant concerns about warrantless surveillance and data governance under Chinese jurisdiction. Additionally, the application disables iOS privacy controls, bypassing Apple's security features including App Transport Security, and lacks the mandatory Privacy Manifests, which increases exposure to tracking and fingerprinting techniques. These vulnerabilities have led to swift bans from multiple countries, federal agencies, and the U.S. military, highlighting the severity of the security risks identified.

Given the urgency of these security threats, NowSecure recommends immediate cessation of DeepSeek iOS app usage until these security flaws are properly mitigated. Organizations should assess alternative AI solutions that offer better security and compliance measures without high-risk mobile applications. The company emphasizes that while the assessment focused on the iOS version, high-risk organizations should assume similar vulnerabilities exist in the DeepSeek Android mobile app. NowSecure offers enterprises a free trial to assess security risks across commonly used mobile applications through their comprehensive security testing platform available at https://www.nowsecure.com.

The discovery underscores the broader challenge of mobile app security in an increasingly digital landscape. Mobile applications represent a largely unprotected attack surface that changes rapidly, presenting ongoing risks to companies and consumers alike. While DeepSeek represents a high-profile case, it is not unique in facing security challenges. Organizations must implement continuous security monitoring and robust mobile application risk management programs to protect against evolving threats in the mobile ecosystem.

Curated from News Direct
