The recent discovery of ChatGPT for Mac app storing queries in an unencrypted file has raised concerns about user data privacy and security. AppleInsider reported that the app bypassed Apple’s strict guidelines on protecting user data with sandboxing by storing conversations in plain text until a patch was released on June 28.
Sandboxing is a crucial security measure that siloes data between apps so that no single app can access another app’s data without proper APIs or user permission. By opting out of sandboxing, ChatGPT left user conversations vulnerable to unauthorized access by any other Mac app on the system.
The issue was brought to light by Pereira Vieito, who shared the problem on Threads. OpenAI, the company behind ChatGPT, released an update on Friday to encrypt all data obtained through the app, ensuring greater security for users.
While apps submitted to the Mac App Store undergo rigorous review processes to ensure compliance with sandboxing requirements, ChatGPT for Mac is distributed from the web and does not utilize sandboxing. This allowed the app to access sensitive user data, such as emails and confidential records, without proper safeguards in place.
In a statement to The Verge, OpenAI spokesperson Taya Christianson acknowledged the issue and emphasized their commitment to providing a secure user experience. The latest version of ChatGPT for Mac now encrypts all conversations, addressing the previous vulnerability.
If you have installed ChatGPT for Mac, it is advisable to update to the latest version to safeguard your data. While there is no evidence of the vulnerability being exploited, it underscores the importance of ensuring robust security measures are in place, especially for apps that handle sensitive information.
Looking ahead, users can soon choose to send requests to ChatGPT instead of Apple Intelligence as part of macOS Sequoia, offering an alternative option for personalized assistance. The incident serves as a reminder of the significance of data privacy and the need for stringent security protocols in app development and distribution.
