Disabling App Transport Security (ATS) in the DeepSeek iOS app significantly impacts user data privacy by allowing sensitive data to be transmitted over the internet without encryption. ATS is a security feature built into iOS that ensures data is sent over secure, encrypted channels, typically using HTTPS. By disabling ATS, DeepSeek's app can send data in plain text, making it vulnerable to interception and manipulation by unauthorized parties.
Security Risks
1. Interception and Eavesdropping: Without encryption, any data sent by the app can be intercepted by third parties who have access to the network. This includes personal information, device details, and other sensitive data that could be used for malicious purposes.
2. Data Manipulation: Not only can data be intercepted, but it can also be modified during transmission. This could lead to unauthorized changes to user data or even the injection of malicious content.
3. Deanonymization: The combination of device information and other data transmitted without encryption can be used to deanonymize users. This means that even if users attempt to remain anonymous, their identity could be uncovered through the data collected by the app.
Privacy Concerns
1. Data Exposure: The lack of encryption increases the risk of data exposure. If the data is intercepted, it can be accessed and exploited by unauthorized parties, potentially leading to privacy breaches.
2. Regulatory Compliance: Disabling ATS may also raise concerns about compliance with privacy regulations. Many jurisdictions require that sensitive data be transmitted securely to protect user privacy. By not adhering to these standards, DeepSeek may face legal challenges and regulatory scrutiny.
3. User Trust: The practice of sending unencrypted data undermines user trust in the app. Users expect their data to be handled securely, and the failure to meet these expectations can damage the app's reputation and deter users from using it.
Broader Implications
The decision to disable ATS reflects broader concerns about DeepSeek's approach to data privacy and security. The app's reliance on servers in China, where data privacy laws are less stringent, further complicates the issue. This setup can lead to data being accessed by foreign authorities or exploited in ways that users are not fully aware of when agreeing to the app's terms of service.
In summary, disabling ATS in the DeepSeek app poses significant risks to user data privacy by exposing sensitive information to interception and manipulation. This practice, combined with other security vulnerabilities and data handling practices, raises serious concerns about the app's commitment to protecting user privacy.
Citations:
[1] https://www.securitymagazine.com/articles/101374-dangers-of-deepseeks-privacy-policy-data-risks-in-the-age-of-ai
[2] https://networkats.com/solutions/it-management/data-privacy/
[3] https://thehackernews.com/2025/02/deepseek-app-transmits-sensitive-user.html
[4] https://www.opb.org/article/2025/02/05/international-regulators-probe-how-deepseek-is-using-data-is-the-app-safe-to-use/
[5] https://topechelon.com/recruitment-software/ats-data-security-protecting-candidate-information-in-your-recruitment-process/
[6] https://www.techmonitor.ai/technology/cybersecurity/deepseek-data-exposed-online-unsecured-database-cybersecurity
[7] https://krebsonsecurity.com/2025/02/experts-flag-security-privacy-risks-in-deepseek-ai-app/
[8] https://oorwin.com/blog/legal-ethical-ats-compliance-mastering-data-privacy.html
[9] https://www.nowsecure.com/blog/2025/02/06/nowsecure-uncovers-multiple-security-and-privacy-flaws-in-deepseek-ios-mobile-app/