Samuel Axon
OpenAI released a Mac desktop app for ChatGPT a few weeks ago to much fanfare, but it turned out to have a serious security flaw: User chats were stored in plaintext, allowing a malicious attacker with access to the user’s computer to find them.
As Threads user Pedro José Pereira Vieito noted earlier this week, “the OpenAI ChatGPT app on macOS is not sandboxed and stores all conversations in plaintext in an unprotected location.” This means that “any other running app/process/malware can read all your ChatGPT conversations without asking for permission.”
He added:
macOS has blocked access to all user private data since macOS Mojave 10.14 (6 years ago!). Any app that accesses private user data (Calendar, Contacts, Mail, Photos, third-party app sandboxes, etc.) now requires explicit user access.
OpenAI disabled all of these built-in defenses by leaving the sandbox and storing the conversations in plain text in an unprotected location.
OpenAI has now updated the app, and local chat is now encrypted, but still not sandboxed. (The app is available for download directly from the OpenAI website, and is not available through the Apple App Store, which requires stricter security.)
Many people now use ChatGPT like they use Google: to ask important questions, triage issues, etc. Often, sensitive personal data can be shared in these conversations.
It’s not looking good for OpenAI. OpenAI recently partnered with Apple to provide a chatbot service built into Apple’s operating systems for Siri queries. But Apple detailed the security around these queries at WWDC last month, and it’s stricter than what OpenAI did (or, more accurately, didn’t do) with its Mac app, which is a separate initiative from the partnership.
If you have been using the app recently, please update it as soon as possible.
