Pedro José Pereira Vieito told The Verge's Jay Peters: "I was curious about why OpenAI opted out of using the app sandbox protections and ended up checking where they stored the app data."
That led Pereira Vieito to develop "ChatGPTStealer," a simple app to demonstrate how easy it is to load the chats in a text window outside of the ChatGPT app. After successfully trying out the app for himself, Peters said he was also able to see the text of conversations on his computer just by changing the file name, indicating the extent of the privacy risk.
The ChatGPT Mac app is available solely through OpenAI's website, which is why it has not been obligated to follow Apple's sandboxing requirements that apply to software distributed via the Mac App Store. The oversight basically meant any other running app or process could potentially access the ChatGPT conversations without prompting the user for permission.
After The Verge contacted OpenAI about the issue, the company released an update that it says encrypts the chats. "We are aware of this issue and have shipped a new version of the application which encrypts these conversations," OpenAI spokesperson Taya Christianson told the website. "We're committed to providing a helpful user experience while maintaining our high security standards as our technology evolves."
After downloading the update (v1.2024.171), Pereira Vieito's app no longer works, and Peters said he was no longer able to see his conversations with the chatbot in plain text.
Tag: ChatGPT
This article, "ChatGPT Mac App Stored User Chats in Plain Text Prior to Latest Update" first appeared on MacRumors.com
Discuss this article in our forums