Yesterday, it was discovered that the ChatGPT app for Mac had a major security flaw: all the conversations we had with the OpenAI chatbot were stored in plain text on the Mac. The situation raised many alarms, though today we’ve discovered an easy solution.
Unencrypted conversations until yesterday’s update
Privacy is a topic of great importance in the information age, and the recent situation surrounding the official ChatGPT application for macOS has once again highlighted the need to pay attention to how data is managed and stored.
In macOS, the sandboxing system provides an isolated environment for applications, limiting their ability to interact with other parts of the system without explicit permission. This feature is essential for protecting personal data, but the ChatGPT app didn’t use this system, storing conversations in a way that was accessible to any application or process on the device.
While App Store rules require apps to use sandboxing, not all apps on Mac come from Apple’s app store. In such cases, the absence of sandboxing means that any process or application, including malicious ones, can access the conversations stored by the ChatGPT app.
Fortunately, after the news was published, OpenAI released an update that encrypts stored conversations, mitigating the risk of unauthorized access. For now, all we can do is update our device as soon as possible while we wait for the app to adopt sandboxing techniques.
Beyond this, there are several general recommendations that we must take into account.
- Always update to the latest version: OpenAI has responded to the security issue with an update that encrypts stored data. The same can happen with other apps —or even with our AirPods— so keeping them up to date is vital.
- Review app permissions: macOS allows more flexibility than iOS in terms of system access, but you can review your apps’ permissions in System Preferences > Privacy and Security.
- Download apps only from trusted sources: It’s recommended that you download apps from the Mac App Store, or make sure that any application downloaded from external sources is trustworthy and uses techniques such as sandboxing.
- Sensitivity in conversations: Although security measures can be improved, it’s advised to be very careful with personal or sensitive information shared through any application, including ChatGPT.
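One way to check whether an app downloaded outside the Mac App Store declares the App Sandbox, as the recommendation above suggests. This is an added example, not code from the original article or from OpenAI. It assumes macOS 12 or later for the `--xml` option of `codesign`, and the sample plist in it is constructed for illustration.

```shell
#!/bin/sh
# Added example: does a macOS app bundle declare the App Sandbox entitlement?
SANDBOX_KEY='com.apple.security.app-sandbox'

# Reads an entitlements XML plist on stdin.
# Returns 0 only if the sandbox key is present and set to <true/>.
entitlements_declare_sandbox() {
    # The plist may arrive on one line or pretty-printed, so strip all
    # whitespace and match the key and its value as one fixed string.
    tr -d ' \t\r\n' | grep -Fq "<key>${SANDBOX_KEY}</key><true/>"
}

# Prints "sandboxed", "not-sandboxed" or "unknown" for one app bundle path.
check_app() {
    if ! command -v codesign >/dev/null 2>&1; then
        echo "unknown"; return 2          # not running on macOS
    fi
    # -d displays the signature; "--entitlements - --xml" writes the embedded
    # entitlements to stdout as XML (assumes macOS 12 or later).
    if ! ents=$(codesign -d --entitlements - --xml "$1" 2>/dev/null); then
        echo "unknown"; return 2          # unsigned or unreadable: nothing to inspect
    fi
    if printf '%s' "$ents" | entitlements_declare_sandbox; then
        echo "sandboxed"
    else
        echo "not-sandboxed"; return 1
    fi
}

if [ "$#" -gt 0 ]; then
    # Usage: sh check_sandbox.sh /Applications/*.app
    for app in "$@"; do
        printf '%s\t%s\n' "$(check_app "$app")" "$app"
    done
else
    # No arguments: run the parser on a constructed sample (not a real app's
    # entitlements) so the logic can be exercised off macOS.
    sample='<plist version="1.0"><dict>
      <key>com.apple.security.app-sandbox</key>
      <true/>
    </dict></plist>'
    printf '%s' "$sample" | entitlements_declare_sandbox \
        && echo "constructed sample: sandboxed"
fi
```

An app reported as `not-sandboxed` runs with the user's normal file access, so anything it stores unencrypted is readable by other processes of that user, which is the exposure described above.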
The truth is that OpenAI’s response to the situation has been quick and accurate. However, the initial choice to leave conversations without encryption or protection is also noteworthy. Yesterday we were talking about the more than 3 million apps that are exposed due to the security flaw in CocoaPods. In this case, simply updating is enough, but the situation serves as a reminder that caution is oftentimes not enough.
Source: The ChatGPT app on Mac leaves all our conversations exposed, but it has an easy solution