NowSecure Urges Enterprises to Ban the DeepSeek iOS Mobile App | News Direct

Company’s expert researchers discover severe security and privacy flaws in the popular DeepSeek artificial intelligence app.

News release by NowSecure

CHICAGO | February 07, 2025 10:00 AM Eastern Standard Time

NowSecure, a leader in mobile app security and privacy research and solutions, has identified multiple critical security and privacy vulnerabilities in the DeepSeek iOS app, the top-ranked AI mobile app since late January 2025. These issues pose significant risks to enterprises, government agencies, millions of users, their customers and employees. Other security concerns regarding the DeepSeek model have led to swift bans from multiple countries, federal agencies and the U.S. military.

Major Security & Privacy Risks Identified

NowSecure experts conducted an in-depth security assessment that uncovered alarming vulnerabilities in the DeepSeek iOS application, including:

  • Unencrypted Data Transmission: Sensitive user data is sent over the Internet without encryption, exposing it to interception and manipulation via Man-in-the-Middle (MITM) attacks.

  • Hardcoded Encryption Keys: Poor encryption implementation, including the use of outdated algorithms (3DES), leaves user data exposed.

  • Insecure Storage of Credentials: Usernames, passwords and encryption keys are stored in an insecure manner, making them susceptible to unauthorized access.

  • Fingerprinting: The app transmits data to Volcengine, a cloud platform operated by ByteDance, raising concerns about warrantless surveillance and data governance under Chinese jurisdiction.

  • Disabled iOS Privacy Controls: The app bypasses Apple’s security features, including App Transport Security (ATS), and lacks mandatory Privacy Manifests, increasing exposure to tracking and fingerprinting.

Implications for Enterprises & Governments

DeepSeek’s security flaws jeopardize intellectual property, corporate secrets and national security. The app’s ability to collect and transmit sensitive data to third parties, including China-linked entities, raises significant cybersecurity concerns. Given these threats, enterprises and government agencies are urged to cease using the DeepSeek iOS app until these issues are mitigated. NowSecure has not analyzed the DeepSeek Android mobile app, but high-risk organizations should assume that it presents similar risks to the iOS mobile app.

NowSecure’s Call to Action

Given the urgency of these security risks, NowSecure recommends:

  1. Immediate Cessation of DeepSeek iOS App Usage: Enterprises and government agencies should halt use until security flaws are resolved.

  2. Assessment of Alternative AI Solutions: Users can consider self-hosting DeepSeek’s AI model or leveraging alternative AI tools with better security and compliance measures that do NOT have a high-risk mobile app.

  3. Continuous Monitoring & Mobile App Security Testing: Given the fast-changing nature of mobile apps, organizations must implement continuous security monitoring. NowSecure offers a free trial for enterprises to assess security risks across commonly used mobile applications.

In addition to removing the DeepSeek iOS mobile app, individuals, companies and government agencies should take additional steps to mitigate mobile app risks. Because mobile apps change quickly and are a largely unprotected attack surface, they present a very real risk to companies and consumers. DeepSeek is high profile, but not unique. A key mitigation is monitoring the mobile apps you use to ensure new risks are not introduced. Connect with NowSecure to uncover the risks in both the mobile apps you build and third-party apps such as DeepSeek.

ABOUT NOWSECURE

Mobile apps define an enterprise’s digital presence and drive engagement with both employees and customers. However, the rapid pace of mobile innovation introduces security, safety and privacy risks that traditional risk management technologies often miss. By partnering with NowSecure to build a Mobile Applications Risk Management (MARM) program, organizations are better protected against the risks that plague the largely insecure mobile app ecosystem. NowSecure provides policy-driven progressive testing tailored to risk tiers, combining automated continuous assessments with expert Pen Testing as a Service (PTaaS) to pinpoint and remediate security, safety, and privacy issues. This approach shrinks the mobile app attack surface and accelerates app releases. Built on a foundation of industry standards by mobile security experts, NowSecure safeguards many of the world’s leading brands and their employees, partners and customers.

Contact Details

Jon Brody

+1 202-240-7611

press@nowsecure.com

Company Website

https://www.nowsecure.com/