OpenAI released a ChatGPT app for Mac less than two weeks ago – and there's already been a security issue.
It turns out the ChatGPT for Mac app had been storing users' conversations with the AI chatbot in plain text.
OpenAI has since fixed the issue with an update, so its important to download the latest ChatGPT for Mac version from the OpenAI website.
ChatGPT for Mac security flaw
Last week, Threads user @pvieito discovered that the recently released ChatGPT for Mac application was storing user conversations with the AI chatbot in plain text in a non-encrypted location.
These conversations were stored locally, so a bad actor would've needed to access the user's computer to utilize these conversations for nefarious purposes. However, as Mashable and other outlets have recently reported, due to Microsoft's own issues with its Recall feature, bad actors are increasingly gaining access to unsuspecting victims' computers via malicious remote methods.
As @pvieito pointed out, OpenAI distributes its ChatGPT Mac app from its own website — not through Apple's own Mac App Store. Apple is notorious for its strict guidelines for developers who choose to distribute apps through their official app stores. However, third-parties who distribute through their own platforms are not held to the same security standards.
“We are aware of this issue and have shipped a new version of the application which encrypts these conversations,” an OpenAI spokesperson told The Verge in a statement last week. “We’re committed to providing a helpful user experience while maintaining our high security standards as our technology evolves.”
While the issue has since been fixed, it could not have come at a worse time for OpenAI. The ChatGPT creator and Apple just announced a partnership last month and Apple is notorious for prioritizing users' privacy. In fact, Apple's inability to trust Meta regarding privacy concerns has reportedly led to the iPhone maker passing on using Meta's AI models for its Apple Intelligence ambitions.
OpenAI will need to be more proactive about privacy and security issues in the future so its credibility doesn't come into question from its partners.