The iPhone app DeepSeek has risen to the top of the app charts in no time. The generative AI application, which was only released in January 2025, is attracting users worldwide. But security experts are sounding the alarm: the app sends unencrypted data to Chinese servers, stores sensitive information insecurely and uses outdated encryption technologies. These problems raise serious questions about data protection. Experts criticize DeepSeek for ignoring or deliberately circumventing basic security measures. Particularly worrying is the connection to ByteDance, the company behind TikTok, which has already been criticized in the past for data protection concerns.
Artificial intelligence is now an integral part of digital applications. Whether language models such as ChatGPT or image generators - AI systems are becoming increasingly important. But with their popularity, the risk of misuse and security gaps also increases. DeepSeek is a current example of how a promising technology can cause data protection problems. Despite its popularity, the app has serious security flaws that could pose a danger to users.
Vulnerabilities in the iOS version of DeepSeek
According to an analysis by the security company NowSecure (via Ars Technica), DeepSeek's iOS app has several serious privacy issues:
- Sensitive data is transmitted unencrypted
- User data is stored insecurely
- The app collects extensive information about users and their devices
- The collected data is forwarded to Chinese servers
Andrew Hoog, co-founder of NowSecure, describes the app's security measures as inadequate. He points out that DeepSeek is neither able nor willing to implement basic protection measures for users. What is particularly problematic is the fact that DeepSeek transmits user data unencrypted. This means that third parties can potentially access and read this information. This may also include personal data or content that users generate in the app.
Outdated encryption technology
Another problem concerns the encryption used. DeepSeek uses the 3DES encryption method, which was already classified as insecure in 2016. The weakness: the method can be broken, which could give third parties access to the encrypted data. In addition, DeepSeek uses symmetric encryption with a hard-coded key that is the same for all users. This means that once the key has been compromised, all data can be decrypted. To make matters worse, the app deactivates Apple's App Transport Security (ATS). This feature is intended to ensure that data is only sent over encrypted connections. Why DeepSeek deactivated this important security feature is not known.
Connection to Chinese servers and ByteDance
The data collected by DeepSeek is stored on servers managed by ByteDance. ByteDance is the company behind TikTok and is subject to Chinese data protection laws. This means that the Chinese government could potentially gain access to the stored information. This problem is not new. There have already been debates in connection with TikTok about the extent to which the Chinese authorities could view or request data from users. The possible access to DeepSeek data therefore represents a serious data protection risk. In addition, there are indications that the data collected could be used to identify users and track search queries. This could create individual profiles that allow conclusions to be drawn about the behavior of individual users in the long term.
Even bigger security holes in the Android version
According to NowSecure, the iOS version of DeepSeek is already problematic, but the Android version is said to be even more insecure. Specific details have not yet been published, but experts assume that there are serious data protection problems here too. Since Android is generally a more open operating system than iOS, there could be additional vulnerabilities there. Users who use DeepSeek on an Android device should therefore be particularly careful.
DeepSeek and Data Protection: A Risk to Your Privacy
DeepSeek is a powerful AI app, but the massive security flaws raise serious concerns. Users should be aware that the app stores and transmits sensitive data insecurely. The connection to ByteDance and the unencrypted communication with Chinese servers further increase the risks. Anyone who values data protection should avoid DeepSeek until the existing problems are resolved. Alternatively, there are more secure AI apps that offer better protection measures for users. Especially with regard to data protection laws and cybersecurity, it is important to be cautious with applications that are not transparent about how they handle user information. (Photo by Unsplash / Solen Feyissa)