DeepSeek's Android app: Flaws & privacy risks

DeepSeek’s Android app has been found to have weak encryption and privacy risks. Learn more about the security concerns.

12-02-2025 - 8 minute read. Posted in: awareness.

DeepSeek: Security concerns - A warning for Android users

DeepSeek, a rapidly growing AI-powered assistant, has come under scrutiny due to significant security and privacy flaws in its Android application. DeepSeek is a Chinese company that has seen a remarkable rise in the AI sector. Recent research has revealed weak encryption practices and vulnerabilities that could expose user data to malicious actors. These findings raise concerns about the app’s commitment to safeguarding sensitive user information and highlight broader risks in AI-driven applications.

What is DeepSeek and its AI capabilities

DeepSeek is a high flyer in the AI industry, known for its cutting-edge development of large language models (LLMs). These models are designed to process and generate human-like language, enabling them to perform a variety of tasks such as answering questions, generating text, and even creating content. At the core of DeepSeek’s AI systems is a sophisticated technology that leverages multi-head latent attention and reinforcement learning. This combination allows the models to efficiently handle complex reasoning tasks and improve their performance over time.

The company’s AI systems are not only powerful but also highly efficient and cost-effective, making them an attractive option for businesses and individuals looking to harness the power of artificial intelligence. By fine-tuning their base models, DeepSeek ensures that their AI solutions are tailored to meet specific needs, providing a versatile tool for a wide range of applications.

Encryption issues: A gateway for data exposure

One of the most alarming discoveries is the app’s use of weak encryption mechanisms, which leave user data susceptible to interception. Security researchers have found that DeepSeek employs outdated cryptographic algorithms, making it easier for attackers to decrypt transmitted data. This means that any data exchanged between the app and its servers – including usernames, passwords, chat logs, and other sensitive details – could be easily intercepted by cybercriminals using basic hacking techniques. Furthermore, the app does not implement proper certificate pinning, which could allow attackers to exploit fake certificates to intercept traffic and steal user data.

Without robust encryption, cybercriminals could potentially access users' personal messages, login credentials, and other private information, exposing them to identity theft, financial fraud, and unauthorized surveillance. Given that DeepSeek functions as an AI-powered assistant handling potentially confidential user queries, the lack of encryption also raises ethical concerns regarding data security and misuse.

Inadequate encryption can have severe consequences, particularly in applications that process sensitive user data. Modern security standards dictate the use of end-to-end encryption (E2EE) or at least strong TLS protocols, neither of which is properly implemented in DeepSeek's Android version. This lack of security not only puts users at risk but also undermines trust in AI-driven applications, which rely on vast amounts of personal data to function effectively.
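For developers and reviewers, the transport weaknesses described above (unencrypted traffic, trust in attacker-installed certificates, missing certificate pinning) map onto settings in an Android Network Security Config. The following Python example is added here for illustration and is not from the original article or from DeepSeek's code; both sample configs, the domain `api.example.com` and the pin placeholders are constructed assumptions.

```python
import xml.etree.ElementTree as ET
from datetime import date

# Constructed sample configs; not taken from DeepSeek or any real app.
WEAK = """<network-security-config>
  <base-config cleartextTrafficPermitted="true">
    <trust-anchors><certificates src="system"/><certificates src="user"/></trust-anchors>
  </base-config>
</network-security-config>"""

# api.example.com and both pin values are placeholders (assumptions).
HARDENED = """<network-security-config>
  <base-config cleartextTrafficPermitted="false">
    <trust-anchors><certificates src="system"/></trust-anchors>
  </base-config>
  <domain-config>
    <domain includeSubdomains="true">api.example.com</domain>
    <pin-set expiration="2030-01-01">
      <pin digest="SHA-256">PLACEHOLDER_PRIMARY_SPKI_HASH_BASE64=</pin>
      <pin digest="SHA-256">PLACEHOLDER_BACKUP_SPKI_HASH_BASE64=</pin>
    </pin-set>
  </domain-config>
</network-security-config>"""

def audit(xml_text, today=None):
    """Return sorted findings for one Network Security Config document."""
    today = today or date.today()
    root = ET.fromstring(xml_text)
    findings = set()
    for section in root:
        if section.tag == "debug-overrides":
            continue  # applies to debuggable builds only
        for el in section.iter():
            if el.get("cleartextTrafficPermitted") == "true":
                findings.add("cleartext-permitted")  # plain HTTP allowed
            if el.tag == "certificates" and el.get("src") == "user":
                findings.add("user-ca-trusted")  # user-installed CA can sign for any host
    pin_sets = list(root.iter("pin-set"))
    if not pin_sets:
        findings.add("no-pinning")
    for ps in pin_sets:
        exp = ps.get("expiration")
        if exp and date.fromisoformat(exp) <= today:
            findings.add("pins-expired")  # Android stops enforcing pins after this date
        if len(ps.findall("pin")) < 2:
            findings.add("no-backup-pin")  # key rotation would break the app
    return sorted(findings)

if __name__ == "__main__":
    print("weak:", audit(WEAK), "| hardened:", audit(HARDENED))
```

The weak sample yields three findings and the hardened one none; the finding names are labels chosen for this example, not identifiers from any Android tool.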

Data collection and privacy concerns in large language models

Beyond encryption flaws, DeepSeek's app raises concerns about excessive data collection. The app reportedly requests more permissions than necessary, gathering metadata and potentially tracking user behavior beyond what is disclosed in its privacy policy. This overreach could lead to unauthorized data harvesting, making users vulnerable to intrusive profiling and third-party tracking.

Such practices conflict with privacy regulations like the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), which emphasize transparency and user control over personal data. Users should be particularly cautious when apps request permissions unrelated to their core functionality, as this could indicate a broader disregard for privacy best practices.

Potential for man-in-the-middle (MitM) attacks

Due to its weak encryption, DeepSeek’s Android app is at risk of man-in-the-middle (MitM) attacks. These attacks occur when an attacker intercepts and potentially alters communication between the user and the server. In the case of DeepSeek, unprotected data transmissions mean that a hacker connected to the same network could eavesdrop on user activity, steal credentials, or inject malicious content into data exchanges.

Given the app's AI-driven nature, where users interact with a virtual assistant and possibly share sensitive queries, such vulnerabilities present a major security risk. Without immediate remediation, DeepSeek users could unknowingly expose their personal and professional information to cyber threats. To understand how MitM attacks work and how to prevent them, explore our in-depth guide.

Government response and ban

In light of the security concerns surrounding DeepSeek’s AI technology, several governments have taken decisive actions to ban or restrict its use. For instance, the Australian government has prohibited the use of DeepSeek’s technology on all government devices, citing potential risks of misuse. Similarly, the New York State government has implemented a statewide ban on the use of DeepSeek’s AI applications for ITS-managed government devices and networks.

These measures underscore the importance of thoroughly evaluating AI technology for potential risks and biases. Governments are prioritizing the security and integrity of their systems by taking proactive steps to mitigate any potential negative consequences associated with the deployment of AI systems.

Impact on Android users

The proliferation of DeepSeek’s AI technology is also making waves among Android users. As these advanced AI models become more accessible, users may notice an increase in AI-powered features and applications on their devices. While this can enhance user experience, it also brings to the forefront concerns about AI-powered malware and other security threats.

Android users should be aware of these potential risks and take proactive measures to protect themselves. This includes staying informed about the latest developments in AI technology and being cautious when downloading and installing new applications. By doing so, users can enjoy the benefits of AI while minimizing their exposure to security vulnerabilities.

Mitigating the risks: Recommendations for Android users

To safeguard against the risks associated with DeepSeek’s AI technology, Android users can adopt several best practices:

  1. Ensure your device and software are always up to date: Regularly update your device’s operating system and software to stay protected with the latest security patches and enhancements.

  2. Be cautious when downloading and installing new applications: Only download apps from trusted sources, and carefully review the permissions requested by new applications.

  3. Use a trusted antivirus program: Choose a reliable antivirus software to protect your device from malware and other security threats.

  4. Utilize strong passwords and activate two-factor authentication: Generate unique, secure passwords for your accounts and activate two-factor authentication whenever available.

  5. Monitor your device’s activity: Keep an eye on your device’s activity and be alert to any suspicious behavior or activity.

By following these recommendations, Android users can mitigate the risks associated with DeepSeek’s AI technology and ensure their devices remain secure.

The industry's response and DeepSeek's next steps

The security community has urged DeepSeek to address these vulnerabilities through software updates, stronger encryption protocols, and a more transparent privacy policy. DeepSeek's models need to be fine-tuned to address security vulnerabilities. While the company has acknowledged some concerns, there is no confirmation yet on whether these issues will be fully mitigated.

For users, the safest course of action is to:

  • Limit app permissions by reviewing and disabling unnecessary access.

  • Use a VPN to add an extra layer of encryption to their connections.

  • Monitor data-sharing policies and stay informed about security updates from DeepSeek.

A cautionary tale for artificial intelligence-powered apps

DeepSeek’s security flaws highlight a larger issue in the AI and mobile application industry: rapid deployment at the cost of security. Ensuring security must remain a top priority for AI-powered applications. As AI-powered applications become more prevalent, companies must prioritize robust cybersecurity measures to protect users from privacy invasions and cyber threats.

For now, Android users should remain cautious when using DeepSeek’s app and consider alternative AI assistants with stronger security measures in place. Privacy and security should never be an afterthought in digital innovation.

DeepSeek and the future of AI: Innovation or security threat?

In conclusion, while DeepSeek’s AI technology holds the promise of revolutionizing our interaction with devices and access to information, it also brings significant security and privacy concerns. Governments and individuals alike must carefully evaluate the potential risks and benefits of AI technology and take steps to mitigate any negative consequences. By prioritizing responsible and ethical development and use of AI, we can harness its potential to benefit society as a whole while safeguarding against its

A recent cyberattack on DeepSeek has already exposed critical vulnerabilities in the large language model. Dive into our latest article, DeepSeek: AI startup faces massive cyberattack, to uncover the details of the attack and its implications. Meanwhile, AI continues to reshape the cybersecurity landscape, playing a crucial role in both defense and attack strategies. Understanding these dynamics is essential; explore our insights on how AI has changed cybersecurity to learn more about the evolving threats and protections in place.

Author Sarah Krarup

Sarah studies innovation and entrepreneurship with a deep interest in IT and how cybersecurity impacts businesses and individuals. She has extensive experience in copywriting and is dedicated to making cybersecurity information accessible and engaging for everyone.
