Using ChatGPT for Mac? Update Now to Fix This Privacy Hole

MacBook Pro showing ChatGPT prompts Credit: Emiliano Vittoriosi
Text Size
- +

Toggle Dark Mode

Last month, OpenAI released a native Mac app for ChatGPT fans, but unfortunately, in its rush to get its chatbot onto the Mac, the company seems to have overlooked one important privacy and security issue.

It turns out that all of the conversations you’ve had with ChatGPT are not only stored on your Mac in plain text, but they’re also left in an open location that any other app can get access to.

Why Thousands Like You Are Lining Up for This Card

During economic times like these, balance transfers can really make a difference. Give yourself 18 extra months to pay it off, without accruing any interest at all. And earn 2% on everyday purchases while you're at it! Learn More Here

This gaping flaw was discovered and reported on Threads by Pedro José Pereira Vieito, a data and electronics engineer and Swift developer, who explains that not only is this just plain bad form for any self-respecting Mac app — it also leaves the door open for malware or other apps to get access to your private data and do pretty much whatever they want with it.

macOS has blocked access to any user private data since macOS Mojave 10.14 (6 years ago!). Any app accessing private user data (Calendar, Contacts, Mail, Photos, any third-party app sandbox, etc.) now requires explicit user access. Pedro José Pereira Vieito

This doesn’t appear to be merely an oversight on OpenAI’s part, either. As Vieito explains, “OpenAI chose to opt-out of the sandbox and store the conversations in plain text in a non-protected location, disabling all of these built-in defenses.”

In this context, the “sandbox” is a security feature that keeps apps running in their own partitioned-off environments where they can only access their own data. To communicate with the operating system or other apps, they need to go through macOS, which enforces privacy and security controls, asking the user for permission to access things like contacts, calendars, and photos and blocking system-level things that few apps need to access — at least not legitimately.

Sandboxing has been the norm on iOS and iPadOS since the App Store debuted, but Apple didn’t bring it to the Mac until OS X Lion in 2011, although it was initially only for apps distributed through the Mac App Store. With macOS Mojave in 2018, Apple added more granular permission controls and allowed third-party apps to benefit from sandboxing without going through the App Store.

ChatGPT for Mac’s lack of sandboxing doesn’t let it access anything else on your Mac since nearly everything else that’s installed should be sandboxed, but it does allow other apps to access anything that ChatGPT stores on your Mac—including your chat history.

That might not be a big problem if OpenAI had bothered to add even rudimentary encryption to ChatGPT for Mac. Unfortunately, it didn’t do that either; everything is in plain text and easily readable by any app. The files can be found in the user’s Library folder under Application Support/; they’re stored as binary property list files, but the text is still unencrypted within them, and it’s trivial for a person or third-party app to convert them to XML or simply scrape the text out directly.

While it’s not common for even Apple’s first-party apps, like Mail and Notes, to store data in plain text, the Mac’s sandboxing restrictions prevent other apps from getting at this data, so encryption isn’t necessary. ChatGPT, on the other hand, failed on both counts.

To be fair, there’s no huge expectation of privacy when using ChatGPT in the first place, as OpenAI makes it clear that all your conversations are open to the company to help train the chatbot, but there’s a big difference between what OpenAI employees can see and what friends, family, or hackers can glean from your computer.

Fortunately, it appears that OpenAI has resolved this problem. When The Verge contacted the company, a spokesperson said it was already aware of the issue and shipped an update that encrypts the chats.

It’s unclear when the problem was fixed, but the latest version of ChatGPT for Mac, 1.2024.171 (1720028552), is dated today (July 3) at 1:50 p.m. and no longer exhibits this behavior. As soon as we updated the app, the conversation files in the ChatGPT library folder became unreadable by a standard text editor. While we’re not going to assume OpenAI is using unbreakable encryption here, it’s still far better than leaving everything lying around in plaintext.

Social Sharing