DeepSeek's iOS app is a security nightmare, and that's before you consider its TikTok links

DeepSeek’s iOS app is a security nightmare that you should delete ASAP, according to researchers at mobile app infosec platform vendor NowSecure. The org have assessed the security of the iOS version of DeepSeek – the third most popular app on the App Store as of writing – and found it transmits data in plaintext, uses outdated …

  1. HuBo Silver badge
    Gimp

    Free orgasms with each exfiltration

    DeepSeek, the perfect Trojan Horse condom app to joyfully ByteDance a turgid Volcano Engine's data eruptions straight into the mothership's datacenter womb. Safe AI has never been so rewarding! (Shhh ... hear the countdown? ... Tik, Tok, Tik, Tok, ...)

    1. Rokki D

      Re: Free orgasms with each exfiltration

      Beautifully phrased. Gemini and o3 fell over with that sentence. LOL! U better than the best for the time being.

    2. teknopaul

      Re: Free orgasms with each exfiltration

      To be quite frank I care not if my Deepseek questions are read by TikTok, the Chinese government or anybody. I presume anyone with security-sensitive questions can use an API. Doubt many iPhone users will be asking Deepseek anything sensitive.

  2. sarusa Silver badge
    Devil

    Wrong Audience

    Look, nobody dumb enough to actually install this on their phone gave a single damn about privacy or security in the first place.

    But before we get too smug, carelessness aside (plaintext?), just consider Facebook. If you've got that on your phone, well, see the first sentence again. That's actively worse because they have and are harvesting far more info about you than Deepseek. Facebook even has a virtual profile of you with your credit card transactions, bank transactions, health records, etc. (all bought from third party brokers or other apps) even if you're not using their platforms. They grab data from millions of other apps. And if you're a random Joe Schmoe outside Mainland China, Facebook uses that data about you far more maliciously than the Chinese Communist Party ever could. They sell your data en masse to anyone (though they will deny it, they've been caught doing it many times and they purposely design their stuff so data easily falls between the cracks), they sell you for maliciously targeted ads and scams, and the scope and breadth of their data means they know far more about you than you think they possibly could.

    So... yes, I would never install this, but billions of people are mindlessly using worse every day.

    1. Khaptain Silver badge

      Re: Wrong Audience

      The Chinese are still youngsters compared to Facebook, but they will catch up and will probably overtake...

      But as you said, anyone dumb enough to install these apps... Unfortunately, "dumb enough" is actually a very large percentage of the population.

    2. BartyFartsLast Silver badge

      Re: Wrong Audience

      "haven't got nuffin to hide so it don't matter"

      They usually go a funny colour when they realise just what they've exposed (sometimes literally) to "the machine"

    3. Roland6 Silver badge

      Re: Wrong Audience

      But that’s okay because FB et al are “good old American” companies doing what they are good at: exploiting people…

    4. Rokki D

      Re: Wrong Audience

      "Facebook even has a virtual profile" for at least the last 8 years.

      FB web/mobile is discreetness itself compared to Llama. Meta stuck that AI ad-slinger model in a few weeks back (can't remember the company's name, but their website reveals details of the next-gen of advertising that is bile-inducing and must be stopped). I bet AM from the book actually grew out not of a war AI, but out of Ad AI.

      The only thing that keeps me going in the field of work now is not the desire to see it all torn down, Samson style, but to transcend all you can imagine in AI with Artificial Conscious Intelligence that maintains individualism in the hive of the above-God-consciousness level.

      We create the universe in the future using retrocausality. HTH

      1. Anonymous Coward

        Re: Wrong Audience

        What on earth are you talking about?

        1. HuBo Silver badge
          Gimp

          Re: Wrong Audience

          It's the flip side of Artificial Subconscious Intelligence dummy! Where Samson's hyperentangled hairdo is shaved flat by Delilah's imaginary quantum teleportation, giving rise to a retrocausal concoction of polydividualism ... all crystal clear to me somehow!

  3. Grunchy Silver badge

    I got the local instance of Deepseek running on the server downstairs. I guess it’s ok? It’s sort of a version of Watson, the IBM program that beat Jennings on Jeopardy.

    Jennings' “skill” is no more than the trick played on “Just Glen”.

    https://youtu.be/l1-69AnA_To

    Here’s what I think of Alex Trebek!

    https://youtu.be/GwZBnUR6P-A

  4. harrys Bronze badge

    Elephant in the room.....

    Google Play services in conjunction with lazy/budget constrained developers .... nasty!

    At least Motorola phones allow you to disable it without rooting, then install F-Droid

  5. PhilipN Silver badge

    "meaning the Chinese chatbot is now tangled up with TikTok’s owner"

    Does it mean that? And if so, why? And what precisely does it mean to be "tangled up with", pray tell?

    Or do you just intend to give free publicity to a "mobile app infosec platform vendor" without giving any real help?

    1. Anonymous Coward

      Re: "meaning the Chinese chatbot is now tangled up with TikTok’s owner"

      Could be worse.

      Oracle runs the backend for TikTok in the USA.

      So if you use TikTok you are tangled up with Birmingham city council !

  6. Pascal Monett Silver badge
    WTF?

    "the No DeepSeek on Government Devices Act"

    What the fuck is wrong with the US Government ?

    Government devices should only have government-approved applications on them.

    Or am I supposed to infer that every government employee has admin access to his PC/phone and can install whatever he wants ?

    Does that mean that there are furious games of Call of Duty happening during work hours ?

    Either government employees only have the stuff IT lets them, or it's a free-for-all and DeepSeek is just another layer of insecurity on top of Facebook, TikTok and a raft of other things that have absolutely nothing to do on a work computer/phone.

    So, which is it ?

    1. Roland6 Silver badge

      Re: "the No DeepSeek on Government Devices Act"

      Government device = BYOD

      Remember the details surrounding Kaspersky…

    2. Zolko Silver badge

      Re: "the No DeepSeek on Government Devices Act"

      Strava. Do you remember that many military installed and used that app to make exercises around their camp, so everybody could see where the US (and others) military bases were in Afghanistan ?

      But hey : TikTok, China, DeepSeek ... bad (I'm actually surprised that this article didn't include something about Putin : did we switch übervillain officially ?)

      1. Roland6 Silver badge

        Re: "the No DeepSeek on Government Devices Act"

        I seem to remember Strava was installed on military devices, but on the service members own personal phone, which they took with them to work...

        1. Yet Another Anonymous coward Silver badge

          Re: "the No DeepSeek on Government Devices Act"

          But it's ok because they also carried their super secret government phone with them all the time as well.

        2. Roland6 Silver badge

          Re: "the No DeepSeek on Government Devices Act"

          I hate auto correct (AI ?) which seems to work after you have finished and so alter the sense of what you have written.

          That should have been “Strava was not installed on military devices”

  7. U1traVio1et

    If the app was a security nightmare, it would be taken off of the iOS store.

    1. Roland6 Silver badge

      The wry laugh is that among those shouting about DeepSeek being a security nightmare, will be many who will defend snooping by our own government and their friends, saying: “if you have nothing to hide, you have nothing to fear”…

  8. Jan 0
    Facepalm

    DeepSeek wouldn't let me compromise my devices!

    What surprised me was that DeepSeek won't let me set up an "account", because it doesn't recognise my email address*.

    * The one that uses my own domain.
