DeepSeek app security and privacy weaknesses

Thursday, February 13, 2025

Due to several security and privacy vulnerabilities and weaknesses, IST strongly recommends that all members of the University of Waterloo community remove the DeepSeek App from their mobile devices. 

A recent third-party audit of DeepSeek’s mobile app for the Apple iOS operating system has found several security and privacy issues, including: 

  1. Lack of transport layer security 
  2. Several poor data encryption practices 

These weaknesses expose any data transmitted or stored by the DeepSeek App to potential device tracking and eavesdropping through various network-based and cryptographic attacks. While the audit was performed on the app for the Apple iOS operating system, IST has confirmed the lack of transport layer security in the Android App and expects all weaknesses to apply to both mobile platforms.

Users of the DeepSeek Platform (App and Web) should also be aware that all data collected are stored in the People’s Republic of China, and therefore are not subject to the same legal privacy protections that apply in North America and Europe. Anyone who wishes to continue to use the DeepSeek open-source model is advised to use a hosted solution elsewhere, where the data collection, privacy policy, and terms of service are more favourable. The DeepSeek open-source model may also be self-hosted.

Please direct any AI privacy and security questions to DL-ist-securityawareness@uwaterloo.ca. Other questions may be directed to the IST Service Desk.
