A groundbreaking security assessment by mobile security firm NowSecure has revealed multiple critical vulnerabilities in the widely popular DeepSeek iOS app, prompting urgent calls for enterprises to ban its use.
The comprehensive analysis exposed serious security flaws that put millions of users' data at risk. Since becoming the top iOS app in January 2025, DeepSeek has been downloaded by countless enterprise and government employees, leading several countries and the U.S. military to already implement bans.
Among the most alarming discoveries were the app's complete lack of data encryption during transmission, making sensitive information vulnerable to interception. The assessment also found that DeepSeek uses outdated encryption methods and hardcoded keys, violating basic security standards.
The investigation revealed that the app stores usernames, passwords, and encryption keys without proper protection. Perhaps most concerning is the extensive collection of user and device data, which gets transmitted to servers controlled by ByteDance in China, subjecting it to Chinese laws and potential government access.
"The security gaps we've uncovered pose immediate risks to both individuals and organizations," stated NowSecure in their report. These vulnerabilities could lead to the exposure of intellectual property, strategic plans, and confidential communications.
The security firm recommends organizations take immediate action by:
- Removing DeepSeek from all corporate and BYOD devices
- Finding alternative AI platforms with better security measures
- Implementing continuous monitoring of mobile applications
While users can still access DeepSeek's AI capabilities through self-hosting or other providers like Microsoft, the built-in censorship remains unless specifically modified.
This assessment marks the first detailed technical analysis of DeepSeek's actual application code, moving beyond previous studies that only examined privacy policies and terms of service.
The findings come at a critical time as organizations worldwide grapple with the balance between leveraging AI capabilities and maintaining data security. This research provides concrete evidence of the risks many security experts have long suspected.