
DeepSeek's app for iOS is sending unencrypted data to ByteDance's Chinese servers

FP Staff February 10, 2025, 12:54:51 IST

According to NowSecure’s findings, DeepSeek’s iOS app is transmitting sensitive data over unencrypted channels. This practice leaves user data vulnerable to anyone capable of monitoring the network traffic, including malicious actors who could intercept and exploit the information.

Image Credit: Reuters

DeepSeek, the AI chatbot rapidly gaining popularity as a competitor to ChatGPT, Gemini, and Copilot, is under fire for allegedly sending unencrypted user data to servers controlled by ByteDance, the Chinese parent company of TikTok.  

Cybersecurity firm NowSecure has raised alarms over the app’s lack of proper data security, which could expose sensitive user information to interception and misuse.

Unprotected data channels pose risks

According to NowSecure’s findings, DeepSeek’s iOS app is transmitting sensitive data over unencrypted channels. This practice leaves user data vulnerable to anyone capable of monitoring the network traffic, including malicious actors who could intercept and exploit the information. The risk is heightened by the app’s failure to implement Apple’s App Transport Security (ATS), a recommended feature designed to enforce encrypted data transfers.

While some of the data is encrypted using standard transport protocols, experts caution that once the data reaches ByteDance’s servers, it is decrypted and could potentially be cross-referenced with other datasets to identify individual users. This weak data protection raises significant concerns over user privacy and security.


The report also revealed that the app relies on an outdated encryption method known as 3DES (Triple Data Encryption Standard), which is known to be vulnerable to practical attacks. Additionally, DeepSeek appears to be storing user data insecurely on devices, increasing the likelihood of credential theft and other security breaches.

ByteDance connection sparks concerns

The revelation that DeepSeek’s data is being sent to ByteDance servers has sharply increased fears of potential misuse of user information. ByteDance, which owns TikTok, has faced intense scrutiny over its data handling practices and alleged ties to the Chinese government.

The connection between DeepSeek and ByteDance could lead to further regulatory scrutiny, especially in regions with strict data protection laws.

DeepSeek’s rapid rise to the top of Apple’s App Store charts has only intensified these concerns. Within two weeks of its launch, the app has overtaken ChatGPT as the top free app, offering AI-driven capabilities comparable to OpenAI’s chatbot but at a significantly lower cost.

Growing scrutiny of AI and privacy

This incident adds to the ongoing debate over the privacy risks associated with AI apps, particularly those linked to companies with international data operations. Security experts are urging users to be cautious when using such apps, especially those with unclear data policies or ties to controversial organisations.

Apple has not yet commented on the situation, but experts expect increased pressure on the company to enforce stricter data security measures for apps on its platform. Likewise, regulators and privacy advocates may call for more transparency from DeepSeek regarding its data practices and encryption protocols.

For now, DeepSeek’s security shortcomings serve as a reminder of the importance of robust data protection in the rapidly evolving world of AI-powered apps. Users are advised to stay vigilant, particularly when apps request sensitive information without clearly explaining how it is secured.
