Thomas Reed, staff product manager for Mac endpoint detection and response at security company Huntress and iOS security expert, said he discovered the results of Nowsecure.
“It’s generally a bad idea that ATS is disabled,” he wrote in an online interview. “This allows apps to communicate via unstable protocols, like HTTP. Apple allows that and I’m sure other apps will probably do that, but That shouldn’t be the case. In this age, there is no good reason for this.”
He added: “Even if they end up ensuring communication, I still really dislike sending sensitive data to servers that the Chinese government can access.”
HD Moore, founder and CEO of Runzero, said he is not too worried about other Chinese companies that have access to data.
“Unencrypted HTTP endpoints are not allowed,” he wrote. “While mobile apps and their framework partners (bytedance, volcengine, etc.) will expect Hoover device data in the same way as anything else, HTTP endpoints can be used not only for vendors and their partners, but for anyone on the network path. We will publish the data.”
On Thursday, US lawmakers cited national security concerns that the Chinese Communist Party may have built backdoors to services to access sensitive private data from Americans, and all governments said. We have begun pushing to immediately ban Deepseek from our devices. If given, Deepseek may be banned within 60 days.
This story has been updated to add more examples of security concerns regarding Deepseek.
