Cybersecurity Experts Warn of DeepSeek Vulnerabilities as Governments Ban App
gizmodo.com
By Todd Feathers. Published February 10, 2025

The DeepSeek iPhone app. Justin Sullivan/Getty Images

A cybersecurity company is warning businesses and organizations not to use a popular app from the generative AI company DeepSeek, saying that the program contains a number of security vulnerabilities that could compromise users' data.

The DeepSeek app, which shocked the stock market when it moved to the top of the Apple App Store in January, transmits data unencrypted over the internet and insecurely stores usernames, passwords, and other credentials, according to an analysis by mobile app security firm NowSecure. The vulnerabilities the firm found affect the mobile app through which many users access DeepSeek's AI models, not the models themselves, which can also be run locally on a user's device or through a separate hosting platform.

"Because mobile apps change quickly and are a largely unprotected attack surface, they present a very real risk to companies and consumers," NowSecure wrote. "DeepSeek is high profile, but not unique."

Analyzing the DeepSeek app's performance on real phones, NowSecure found that the iPhone version came with an important security feature designed by Apple turned off.

"The DeepSeek iOS app globally disables App Transport Security (ATS) which is an iOS platform level protection that prevents sensitive data from being sent over unencrypted channels," the analysts wrote. "Since this protection is disabled, the app can (and does) send unencrypted data over the internet."
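ATS behaviour is declared under the NSAppTransportSecurity key of an iOS app's Info.plist. The following Python check is an added example, not code from NowSecure's report or from the app: it flags a global ATS opt-out and narrower per-domain exceptions. The sample plists, the domain name and the severity labels are constructed for illustration.

```python
import plistlib

def audit_ats(plist_bytes):
    """Return (severity, message) findings for the ATS settings in an Info.plist."""
    ats = plistlib.loads(plist_bytes).get("NSAppTransportSecurity", {})
    findings = []
    # Global opt-out: every connection the app makes may use cleartext HTTP.
    if ats.get("NSAllowsArbitraryLoads") is True:
        findings.append(("HIGH", "NSAllowsArbitraryLoads: ATS disabled for all connections"))
    # Narrower opt-outs that still relax ATS for a whole class of loads.
    for key in ("NSAllowsArbitraryLoadsInWebContent", "NSAllowsArbitraryLoadsForMedia"):
        if ats.get(key) is True:
            findings.append(("MEDIUM", f"{key}: ATS relaxed for one class of loads"))
    # Per-domain exceptions: the scoped alternative to a global opt-out.
    for domain, cfg in ats.get("NSExceptionDomains", {}).items():
        scope = " and subdomains" if cfg.get("NSIncludesSubdomains") else ""
        if cfg.get("NSExceptionAllowsInsecureHTTPLoads") is True:
            findings.append(("MEDIUM", f"{domain}{scope}: cleartext HTTP permitted"))
        tls = cfg.get("NSExceptionMinimumTLSVersion")
        if tls in ("TLSv1.0", "TLSv1.1"):
            findings.append(("MEDIUM", f"{domain}{scope}: minimum TLS lowered to {tls}"))
    return findings

# Constructed sample plists (serialized with plistlib, not taken from any real app).
WEAK = plistlib.dumps({"NSAppTransportSecurity": {"NSAllowsArbitraryLoads": True}})
SCOPED = plistlib.dumps({"NSAppTransportSecurity": {"NSExceptionDomains": {
    "legacy.example.com": {"NSExceptionAllowsInsecureHTTPLoads": True,
                           "NSIncludesSubdomains": True,
                           "NSExceptionMinimumTLSVersion": "TLSv1.0"}}}})
DEFAULT = plistlib.dumps({"CFBundleName": "SampleApp"})  # no ATS key: ATS fully enforced

if __name__ == "__main__":
    for name, data in (("WEAK", WEAK), ("SCOPED", SCOPED), ("DEFAULT", DEFAULT)):
        print(name, audit_ats(data) or "no ATS exceptions")
```

`plistlib.loads` also reads the binary plist format, so the same function can be pointed at the Info.plist extracted from a built app bundle.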
The lack of encryption could make users susceptible to man-in-the-middle attacks, where someone with control over the network on which the device is communicating is able to view or modify communications between the user and DeepSeek's servers.

NowSecure also found that in some instances the DeepSeek app was caching sensitive information, including username and password, in an unencrypted file on the device that could potentially be reviewed by an attacker who gained physical or remote access to the device.

Other vulnerabilities NowSecure identified are more common among mobile apps. For example, the analysts determined that DeepSeek collects a variety of data about the network and device the app is operating on that can be combined with other information and used by data brokers, or potentially even more nefarious actors, to track and monitor a user.

The NowSecure report comes as several governments are banning their employees from using DeepSeek due to security vulnerabilities and the fact that the company is based in China.

On Monday, New York Governor Kathy Hochul announced that state employees were barred from using DeepSeek's models on their devices. Congress is currently considering a bill that would implement a similar ban at the federal level, and the governments of South Korea, Australia, and Taiwan have already blocked access to DeepSeek's models on official devices.