DeepSeek on iOS Sends Unencrypted Data to Servers in China
JAKARTA - The popular iPhone AI application DeepSeek was found sending user data to servers owned by Chinese companies without encryption. In addition, the application collects large amounts of user data and stores it with weak security.
DeepSeek is a generative AI application similar to ChatGPT, and it rose to the top of the US App Store download chart immediately after its launch in January 2025. However, the Chinese AI startup that developed the application now faces a major scandal over user data security.
According to Andrew Hoog, co-founder of security firm NowSecure, DeepSeek does not implement adequate security practices.
"DeepSeek is not equipped or does not want to provide basic protection for your data and identity," Hoog told Ars Technica. "There are fundamental security practices that are ignored, whether intentional or not. In the end, this endangers the data and identity of their users and companies."
The Chicago-based security firm discovered various security concerns in the iOS version of the DeepSeek app, including:
1. Sensitive data is sent without encryption.
2. Unsecured user data storage.
3. Large amounts of user and device data collection.
4. User data is sent to a server owned by a Chinese company.
5. DeepSeek uses outdated encryption and a vulnerable key.
Although DeepSeek uses encryption, the app still relies on the 3DES algorithm, which has been declared obsolete since 2016 because it has been proven easy to break.
Even worse, the 3DES encryption key used by DeepSeek is hardcoded in the application. This means that all users share the same encryption key, which increases the risk of data leakage.
In addition, DeepSeek disabled Apple's App Transport Security (ATS) protection, which should have ensured that all data was sent in encrypted form. DeepSeek has so far given no reason for disabling this security feature, and Apple has not commented on why the app remains permitted on the App Store.
Once data is sent to a server belonging to ByteDance, TikTok's parent company, the encryption is removed and the data can be accessed in its original form. This means ByteDance has full access to user information, including potential activity tracking and the questions users ask in the app.
This problem is increasingly worrying considering ByteDance operates under Chinese law, which requires companies to provide data access to the government if requested. This situation is similar to what caused the US government to pressure ByteDance to sell TikTok to avoid potential data abuse by Chinese authorities.
NowSecure also revealed that the Android version of the DeepSeek app has a weaker security system than the iOS version, although further details have not been disclosed.
Currently, NowSecure is still researching the security gaps in the DeepSeek app and their possible impact on users. So far, neither Apple nor DeepSeek has provided an official response to these findings. If this issue continues, it is not impossible that Apple will review the app's license on the App Store.
Users who have downloaded this application are advised to reconsider their use of it, especially those who care about the security of their personal data.