DeepSeek App Security and Privacy Concerns

McMaster University is committed to ensuring the safety and privacy of our community members.  

With input from our campus IT Security Team and our Privacy Office, we strongly advise all members of the McMaster community, especially employees with university-issued devices, to avoid installing the DeepSeek App, or if already installed, removing it from mobile devices due to several security and privacy vulnerabilities. 

A recent third-party audit has uncovered significant security and privacy issues within the DeepSeek mobile app. These vulnerabilities expose data transmitted or stored by the app to potential device tracking and eavesdropping through various network-based and cryptographic attacks.  

Although the audit focused on the Apple iOS operating system, similar weaknesses have been confirmed for the Android version of the app. 

Additionally, it is important to note that all data collected by the DeepSeek Platform (App and Web) is stored in the People’s Republic of China. This means the data is not subject to the same legal privacy protections as in North America and Europe.  

If you must use DeepSeek, we recommend a secure hosted solution elsewhere or self-hosting the open-source model to ensure better data privacy and security. 

For general information on protecting your personal privacy on social media, please refer to our previous article: Tips on Protecting Personal Privacy on Social Media. 

To learn more, visit the McMaster University IT Security website and the McMaster Privacy Office website. 

The Government of Canada also offers helpful resources on its Canadian Cyber Security website.