Categories
App Store Apple Apps Developer Hack Hacks Mac macOS News privacy security Server Software

ChatGPT Mac App saved plain text chats to local files, updated version resolves the issue

If you downloaded and began playing around with the ChatGPT app for Mac recently, you might want to download the update.

According to The Verge, developer Pedro José Pereira Vieito noted that the app was locally storing users’ conversations with the chatbot in unencrypted plain text.

“I was curious about why OpenAI opted out of using the app sandbox protections and ended up checking where they stored the app data,” said Pereira Vieito.

That led Pereira Vieito to develop “ChatGPTStealer,” a simple app to demonstrate how easy it is to load the chats in a text window outside of the ChatGPT app. After successfully trying out the app for himself, Peters said he was also able to see the text of conversations on his computer just by changing the file name, indicating the extent of the privacy risk.

The ChatGPT Mac app is currently available solely through OpenAI’s website, meaning it has not been obligated to follow Apple’s sandboxing requirements that apply to software distributed via the Mac App Store. The oversight basically meant any other running app or process could potentially access the ChatGPT conversations without prompting the user for permission.

The Verge later contacted OpenAI about the issue, wherein company spokesperson Taya Christianson offered the following comment:

“We are aware of this issue and have shipped a new version of the application which encrypts these conversations. We’re committed to providing a helpful user experience while maintaining our high security standards as our technology evolves.”

After downloading the update (v1.2024.171), Pereira Vieito’s app no longer works, and Peters said he was no longer able to see his conversations with the chatbot in plain text.

As such, be sure to snag the new version and please let us know about your ChatGPT experience in the comments.

Via MacRumors, @pvieito, and The Verge