DeepSeek Is Sending Unencrypted Data To Chinese Servers, As Its iOS App Suffers From Multiple Severe Security Flaws
The DeepSeek mobile app, which quickly rose to the top of the Apple App Store charts and even surpassed ChatGPT in its initial month, has now become the subject of serious privacy and security concerns. A new report from mobile security firm NowSecure reveals that DeepSeek’s iOS app is transmitting unencrypted data to Chinese servers, leaving user information vulnerable to interception and misuse.
DeepSeek’s iOS client, according to the findings, has globally disabled App Transport Security (ATS)—an iOS-level protection that ensures sensitive information is transferred only over encrypted channels. By switching ATS off, the app sends user data (potentially including location and usage patterns) through unencrypted routes, making it significantly easier for bad actors to intercept. Apple generally mandates ATS compliance to prevent insecure network connections, as explained on the Apple Developer website.
Potential Risks and National Security Concerns
While each piece of user data in isolation may appear harmless, NowSecure warns that aggregated datasets can be correlated to de-anonymize users. There is also a looming worry that these data points—coupled with location or demographic info—could identify high-value individuals, such as those using FirstNet (the American public safety broadband network). In addition, the security firm notes that DeepSeek relies on outdated or broken encryption methods, exposing users to further vulnerabilities.
U.S. officials have taken notice of the risks, launching investigations into whether DeepSeek’s data practices could threaten national security. The app’s large-scale collection of personal information, combined with the lack of encryption, echoes concerns raised in other cases where foreign-linked applications faced scrutiny or outright bans. Unless DeepSeek resolves these security gaps, its future in the U.S. market, and possibly others, may be in jeopardy.
Consequences for DeepSeek
DeepSeek has already faced a wave of criticism over its minimal content filters, which could lead users into questionable or potentially unlawful queries. Now, the revelations about unencrypted transmissions to Chinese servers add a new dimension of legal and reputational risk, potentially putting the platform on a path similar to TikTok's: a ban or a forced sale to a U.S.-based entity. Android users aren’t safe either; the Android version of the app reportedly has similar, if not worse, vulnerabilities.
Observers suggest that the creators of DeepSeek must swiftly implement secure encryption, adopt robust filter measures, and align with privacy regulations in key markets if they want to avoid further government scrutiny or restrictions.