- OpenAI's newly launched ChatGPT app for macOS stored user chats in plain text, making them easily accessible to any app or malware, as revealed by developer Pedro Vieto.
- Following the security flaw exposure, OpenAI released an updated version of the ChatGPT macOS app that encrypts user conversations to enhance privacy and security.
On June 5, OpenAI released the ChatGPT desktop application for macOS to all users. However, OpenAI’s recently launched ChatGPT macOS had a concerning security flaw: it stored user chats in plain text on the computer, making it easy for anyone with access to the device to read these conversations.
The issue was revealed when developer Pedro Vieto posted a video on Threads, demonstrating how the chats were easily accessible.
“So basically any other running app / process / malware can read all your ChatGPT conversations without any permission prompt, ” Vieto noted.
Vieto also pointed out that since macOS Mojave 10.14, macOS has restricted apps from accessing private user data like Calendar, Contacts, Mail, and Photos without explicit user permission.
But then OpenAI decided not to use the sandbox security feature and instead stored conversations in plain text in an unprotected location, “disabling all of these built-in defenses.”
The Verge, who reported this whole matter, contacted OpenAI about the issue and the company responded by releasing an update. OpenAI spokesperson Taya Christianson told The Verge that they are aware of this issue and have released a new version of the app that encrypts these conversations.
The ChatGPT macOS app was introduced just before Apple's WWDC 2024, where OpenAI and Apple announced plans to integrate OpenAI’s chatbot into Apple’s iPhone, iPad, and Mac systems.
However, the app didn't receive much attention initially because it was launched at the same time as GPT-4o, OpenAI's main generative artificial intelligence (AI) model.
Additionally, Tesla and SpaceX chief Elon Musk criticized Apple and made it clear that he would ban Apple devices at his companies if Apple incorporated OpenAI into its operating system, citing significant security concerns. He also criticized Apple for relying on OpenAI for AI technology, suggesting that Apple doesn't understand the risks to user data and security, and accusing them of failing their customers.
Edited by Harshajit Sarmah