Mobile security researchers at NowSecure have identified significant security vulnerabilities in the DeepSeek iOS mobile app that could compromise sensitive user data and organizational information. The top-ranked AI mobile application, which has been widely used since late January 2025, presents substantial risks to enterprises, government agencies, and millions of individual users.
The comprehensive security assessment revealed multiple critical security flaws that could potentially expose users to unauthorized data interception and manipulation. Key vulnerabilities include unencrypted data transmission, which leaves user information susceptible to Man-in-the-Middle attacks, and the storage of credentials and encryption keys in an insecure manner.
Of particular concern is the app’s transmission of data to Volcengine, a cloud platform operated by ByteDance, which raises significant data governance and potential surveillance issues. The application also bypasses critical iOS privacy controls, including App Transport Security, and lacks mandatory Privacy Manifests, further increasing exposure to tracking and unauthorized data collection.
Security experts recommend that high-risk organizations immediately discontinue using the DeepSeek iOS app. While the Android version has not been analyzed, organizations are advised to assume similar security risks exist. Alternative approaches include self-hosting the DeepSeek AI model or exploring alternative AI tools with more robust security and compliance measures.
The identified vulnerabilities underscore the critical importance of continuous mobile app security monitoring. Enterprises must recognize that mobile applications represent a rapidly evolving and often overlooked attack surface that can potentially compromise intellectual property, corporate secrets, and national security infrastructure.
By highlighting these security risks, NowSecure aims to raise awareness about the potential dangers lurking in seemingly innocuous mobile applications and encourage proactive security assessments across digital platforms.
This news story relied on a press release distributed by News Direct. Blockchain Registration, Verification & Enhancement provided by NewsRampâ„¢. The source URL for this press release is NowSecure Reveals Critical Security Vulnerabilities in DeepSeek iOS Mobile App.