DeepSeek has rapidly climbed to the top of the app store charts, capturing global attention. With its popularity, many organizations are now facing the question: Will they follow the lead of governments and ban the use of a mobile app that collects and sends data to China?
Quokka first scanned the mobile app in late January, as news broke that it surpassed ChatGPT as the most popular free app on the app stores. Our automated scan confirmed what would be expected: as an app developed in China, it does contain several domains and IPs that trace directly back to Chinese servers. Additionally, there are several weaknesses in the app, such as hard-coded keys and lack of encryption, that make it susceptible to man-in-the-middle (MitM) attacks. While our behavioral modeling also revealed there’s no immediate red flag suggesting it’s a malicious app, enterprises need to assess whether it aligns with their security policies, risk tolerance, and compliance requirements before approving it on their mobile fleets.
DeepSeek’s rise in popularity also highlights a larger conversation: Organizations must stay ahead of emerging mobile app trends and evaluate their risk exposure accordingly. The reality is DeepSeek isn’t the only app that collects and sends app user data to China – other harvester apps are published on app stores with a lot less publicity. For example, a popular document scanning app openly collects scanned documents and has data connections to China. Many of Quokka’s US Government customers already set automatic alerts in our tools for data going to China, Russia, or other countries, so they can find and fix that and other problems as soon as they appear.
The key isn’t just to react—it’s to stay proactive, informed, and in control of your mobile ecosystem.
Understanding the DeepSeek risk spectrum
DeepSeek’s rapid adoption means it is being downloaded across thousands of personal and corporate devices, but its security implications were largely unknown to individuals installing the app. One critical challenge for enterprises is knowing which devices in their mobile fleet have DeepSeek installed, especially as more employees use the same device for both personal and work purposes.
Using personal and business access on the same device can introduce an additional risk that many organizations aren’t prepared to handle—blurring the line between personal and corporate data policies. Without proper visibility, enterprises may struggle to enforce security policies, detect potential vulnerabilities, or ensure compliance with regulatory standards. As with any newly trending app, enterprises must consider potential security gaps that could put corporate data and networks at risk. Some key concerns include:
- Unverified data handling – Does DeepSeek follow best practices for securing sensitive user and corporate data, or does it collect excessive information?
- Use of third-party libraries – Many apps are built with third-party libraries, which increase exposure to supply chain vulnerabilities and can become a weak point of entry for attackers.
- User behavior risks – Employees using DeepSeek for personal use on work devices may unknowingly expose enterprise information to security threats.
Securing the mobile ecosystem isn’t about labeling apps as good or bad—it’s about making informed, risk-based decisions. The widespread adoption of an app does not necessarily guarantee its suitability for corporate environments. Factors like data access permissions, network behavior, and third-party integrations all play a role in determining whether an app aligns with an organization’s security framework.
Why visibility matters for enterprise security
Recent reports indicate DeepSeek has faced scrutiny over potential privacy risks, including permissions that may allow it to access more data than necessary. Regularly checking, in your device settings, which permissions an app has been granted and which it uses is critical.
If DeepSeek—or any other app—requests access to sensitive features like your phone, microphone, camera, photo album, or file storage, enterprises should carefully evaluate the necessity of these permissions. Granting excessive permissions unnecessarily increases security risks, and organizations should enforce policies that limit such access where possible.
Failure to evaluate an app’s full risk profile before widespread adoption could lead to data leaks, compliance violations, and increased attack surfaces. Security teams need deeper visibility into how an app operates beyond the surface. This includes:
- Permissions & data access: What user data does DeepSeek collect? Does it have access to sensitive information like contacts, messages, or location?
- Network communications: Where does the app send data? Does it communicate with unknown or high-risk servers?
- Code & behavior analysis: Are there any hidden functions or excessive background activity that could pose a risk over time?
Without deeper insight, enterprises risk unknowingly exposing their infrastructure to data leaks, regulatory non-compliance, or security vulnerabilities.
How Quokka helps enterprises make informed risk-based decisions
Quokka’s Contextual Mobile Security Intelligence platform powers Q-scout, a mobile endpoint security solution offering insights far beyond basic app store evaluations. By utilizing advanced app vetting technology, Q-scout delivers comprehensive risk assessments that enable security teams to make informed decisions.
Designed for organizations that demand more than surface-level visibility, Q-scout uses ML-based behavior-driven detection to identify threats proactively—before they can jeopardize your systems. From analyzing app permissions and network activity to uncovering hidden vulnerabilities, Q-scout provides real-time intelligence that empowers security teams to respond swiftly and effectively.
With Quokka, enterprises get the deep visibility they need to make confident, data-driven decisions about every app that enters their mobile fleet. Ultimately, enterprises should assess all mobile apps for risks, not just the highly publicized ones.
Want to see how Quokka can help you assess DeepSeek and other apps? Contact us today.