Recently, OpenAI announced the availability of ChatGPT desktop app for macOS. This app enables users to have conversations about various topics like emails, screenshots, files, and more on their Mac screens. Users can easily access ChatGPT by pressing Option + Space from any screen on their Mac. Additionally, the app allows users to search through their past conversations.
Security Concerns
A recent discovery by tech enthusiast Pedro José revealed that the OpenAI app for macOS was storing all user conversations in plain text within an unprotected file location at ~/Library/Application\ Support/com.openai.chat/conve…{uuid}/. This security vulnerability meant that any app, process, or malware running on a Mac could potentially access and read all ChatGPT conversations without any permissions.
Security Measures Taken
In macOS Mojave 10.14, Apple introduced a security feature to prevent unauthorized access to private user data. Apps such as Calendar, Contacts, Mail, Photos, and those in third-party app sandboxes require explicit user permission to access private data. However, OpenAI's ChatGPT app for macOS did not follow this security protocol. Instead, it stored conversations in plain text in an unprotected location, allowing any app to access private user data.
Similar Incidents
A similar security concern arose with Microsoft's Recall feature in Windows Copilot+ PCs, which led to the feature's launch being delayed. Microsoft has committed to using "just in time" decryption protected by Windows Hello Enhanced Sign-in Security (ESS) to ensure that Recall snapshots are only decrypted and accessible upon user authentication.
After this security flaw was brought to light, OpenAI has since updated its ChatGPT app for macOS to encrypt the locally stored private data. This move is aimed at enhancing user privacy and data security.
Following the security enhancements to the Recall feature, Microsoft plans to release it to Windows Insiders for further testing in the near future.
Source: pvieito (Threads)
