Source URL: https://slashdot.org/story/25/02/08/0531202/deepseek-ios-app-sends-data-unencrypted-to-bytedance-controlled-servers?utm_source=rss1.0mainlinkanon&utm_medium=feed
Source: Slashdot
Title: DeepSeek iOS App Sends Data Unencrypted To ByteDance-Controlled Servers
Summary: The text discusses a security vulnerability in the mobile application DeepSeek, which transmits sensitive data over unencrypted channels, raising significant security and privacy concerns. It highlights the implications of using infrastructure provided by ByteDance and the potential national security risks tied to Chinese ownership, prompting calls for a ban on the app from government devices.
Detailed Description:
The article sheds light on critical security issues related to the mobile application DeepSeek, specifically regarding its handling of sensitive user data. Here are the key points of discussion:
– **Unencrypted Data Transmission**: DeepSeek reportedly sends sensitive data without encryption, making it accessible to individuals who can intercept the traffic. This lack of encryption poses significant risks, as attackers could potentially manipulate the data during transmission.
– **Apple’s ATS Recommendations**: Apple encourages developers to utilize App Transport Security (ATS) to enforce encryption on data transmitted over the network. However, DeepSeek has disabled this security feature globally, which raises immediate red flags about their commitment to user data protection.
– **ByteDance and Data Storage**: The application’s data is sent to servers controlled by ByteDance, the Chinese company also behind TikTok. This association raises concerns, particularly regarding potential data oversight and access by the Chinese government due to the company’s origins.
– **National Security Concerns**: U.S. lawmakers have started advocating for an outright ban on DeepSeek from government devices. The underlying fears revolve around the possibility of backdoor access to sensitive data by the Chinese Communist Party, which could jeopardize national security.
– **Privacy Policy and Data Location**: Despite the app connecting to infrastructure that may be US-based, the company’s privacy policy states that data is securely stored in China. This dichotomy raises questions about data sovereignty and compliance with security and privacy regulations.
– **Expert Insights**: Andrew Hoog, co-founder of NowSecure, commented on the situation, indicating that fundamental security practices are being neglected, which could endanger both individual and corporate data integrity.
This analysis emphasizes the growing importance of robust data protection mechanisms, particularly for applications linked to foreign entities. For professionals in security and compliance, the text serves as a stark reminder of the vulnerabilities that can arise at the intersection of software development, mobile security, and geopolitical tensions.
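For the ATS point above, an added example (not from the article or from NowSecure): a Python check that reads an app's `Info.plist` and reports App Transport Security settings that permit cleartext traffic. The key names are Apple's documented ATS keys; the function name, sample plists and bundle identifier are constructed for illustration.

```python
import plistlib

# Keys that, when present, make iOS 10+ ignore NSAllowsArbitraryLoads.
OVERRIDES = ("NSAllowsArbitraryLoadsForMedia",
             "NSAllowsArbitraryLoadsInWebContent",
             "NSAllowsLocalNetworking")

def audit_ats(plist_bytes):
    """Return (severity, message) findings for ATS settings in an Info.plist."""
    ats = plistlib.loads(plist_bytes).get("NSAppTransportSecurity")
    if not isinstance(ats, dict):
        return []  # key absent: ATS defaults apply and HTTPS is required
    findings = []
    if ats.get("NSAllowsArbitraryLoads") is True:
        present = [k for k in OVERRIDES if k in ats]
        if present:
            findings.append(("info", "NSAllowsArbitraryLoads is ignored on iOS 10+ "
                             "because " + ", ".join(present) + " is present"))
        else:
            findings.append(("high", "NSAllowsArbitraryLoads=true: ATS disabled "
                             "globally, cleartext HTTP allowed to any host"))
    for key in OVERRIDES[:2]:
        if ats.get(key) is True:
            findings.append(("medium", key + "=true: ATS relaxed for that content"))
    for domain, cfg in (ats.get("NSExceptionDomains") or {}).items():
        if not isinstance(cfg, dict):
            continue
        if cfg.get("NSExceptionAllowsInsecureHTTPLoads") is True:
            findings.append(("medium", "cleartext HTTP allowed for " + domain))
        if cfg.get("NSExceptionMinimumTLSVersion") in ("TLSv1.0", "TLSv1.1"):
            findings.append(("medium", "legacy TLS allowed for " + domain))
    return findings

# Constructed sample inputs (not taken from any real app).
GLOBAL_OFF = plistlib.dumps({
    "CFBundleIdentifier": "com.example.chat",
    "NSAppTransportSecurity": {"NSAllowsArbitraryLoads": True},
})
SCOPED = plistlib.dumps({
    "CFBundleIdentifier": "com.example.chat",
    "NSAppTransportSecurity": {"NSExceptionDomains": {
        "legacy.example.com": {"NSExceptionAllowsInsecureHTTPLoads": True}}},
})
DEFAULTS = plistlib.dumps({"CFBundleIdentifier": "com.example.chat"})

if __name__ == "__main__":
    for name, blob in (("global-off", GLOBAL_OFF), ("scoped", SCOPED),
                       ("defaults", DEFAULTS)):
        print(name, audit_ats(blob))
```

A global `NSAllowsArbitraryLoads` is the setting to treat as a release blocker in a mobile app review; a per-domain exception narrows the exposure to the named host.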