9to5mac.com
Multiple security flaws have been found in the DeepSeek iOS app, which is still one of the most popular downloads in the App Store after topping the charts when it first launched.

The latest findings are far worse than the previous security failure which exposed chat history and other sensitive information in a database requiring no authentication.

While we'd mentioned it before it made headlines, for most people DeepSeek came out of nowhere and overnight became the most downloaded iPhone app.

AI researchers were shocked at the capabilities of an app which had dramatically lower hardware requirements than chatbots of similar power, and the news sent the share price of a number of US AI companies tumbling.

It wasn't long, however, before security and privacy concerns were raised. Italy's privacy watchdog questioned whether the app was compliant with European privacy law, with Ireland asking similar questions. US officials are also investigating potential national security implications.

It was then discovered that the company inadvertently failed to secure a database containing more than a million lines of log entries, including chat history and secret keys.

Multiple security flaws found in DeepSeek iOS app

Mobile security company NowSecure has found multiple security flaws in the iPhone app including a failure to use Apple's built-in App Transport Security (ATS) system. ATS is designed to ensure that sensitive personal data is only sent over encrypted channels, but NowSecure found that DeepSeek had switched this off.

"The DeepSeek iOS app globally disables App Transport Security (ATS) which is an iOS platform level protection that prevents sensitive data from being sent over unencrypted channels. Since this protection is disabled, the app can (and does) send unencrypted data over the internet."

The company says that while the data exposed might seem innocuous, it can easily be combined to de-anonymize users.

"While none of this data taken separately is highly risky, the aggregation of many data points over time quickly leads to easily identifying individuals. The recent data breach of Gravy Analytics demonstrates this data is actively being collected at scale and can effectively de-anonymize millions of individuals."

Where data is encrypted, the company is using an outdated encryption method which is known to be flawed.

"The encryption algorithm chosen for this part of the application leverages a known broken encryption algorithm (3DES) which makes it a poor choice to protect the confidentiality of data."

Additionally, data collected by the app could be used to identify potential espionage targets.

"[A sample user] is operating on the latest iPad, leveraging a cellular data connection that is registered to FirstNet (American public safety broadband network operator) and ostensibly the user would be considered a high value target for espionage.

Bear in mind that not only are 10s of data points collected in the DeepSeek iOS app but related data is collected from millions of apps and can be easily purchased, combined and then correlated to quickly de-anonymize users."

The lengthy analysis concludes that the DeepSeek iOS app is not safe to use, and notes that the Android version is even less secure.

9to5Mac's Take

While the DeepSeek app is technically impressive, and it's been interesting to test its capabilities, we'd caution against anyone using it for real-life tasks that involve any disclosure of personal data. You should assume that DeepSeek can identify you and see the content of your interactions.

We're still at a relatively early stage of security researchers examining the app, so it's probable that additional security and privacy issues will be revealed.
Personally, I've now removed it from my iPhone and would advise others to do the same.