Mac users of ChatGPT astonished after discovering unencrypted storage of their conversations

The collaboration between Apple and OpenAI got off to a bumpy start when ChatGPT users on macOS discovered that their conversations were being stored in plain-text files.
Apple, known for prioritizing privacy in a market where competitors often profit from selling user data, faced a privacy threat as exposed by data and electronics engineer Pedro José Pereira Vieito in a post on Meta’s Threads.


Source:
Pedro José Pereira Vieito
The Privacy Breach
ChatGPT was launched on macOS in May for subscribers, with general access for non-subscriber accounts becoming available on June 25. However, until July 5, the app was storing all chat logs in unencrypted plain-text files on users’ hard drives.
This flaw meant that anyone with access to the computer, whether physically or through remote attacks like malware or phishing, could access all conversations users had with ChatGPT.
Apple’s Safeguard
Apple’s macOS includes a privacy protection feature called “sandboxing” which regulates application access to software and data at the kernel level. Apps installed through Apple’s app service are automatically “sandboxed” to ensure data remains encrypted.
Pereira Vieito pointed out that the issue arose because the ChatGPT app on macOS is exclusively available through OpenAI’s website.
Though it’s unclear if any users were affected by this oversight, social media and pundit commentary expressed shock at the revelation.
For instance, user GeneralLex shared in the comments section of an article on the Verge that they found unencrypted text files stored on their computer:
The Why Behind the Mistake
The pressing question is: why did this happen? While the how has been established and the issue resolved, the reason behind it remains a mystery.
It’s possible that OpenAI stored chat logs in plain-text for easy access to aid in further ChatGPT development. Users are required to explicitly opt-out of data sharing with OpenAI as per the app’s terms of use.
However, why didn’t Apple step in to protect users before the app went live, and why didn’t OpenAI recognize the sensitivity of generating unencrypted data on users’ devices?
Cointelegraph contacted OpenAI and Apple for more information, but no immediate response was received from either party.
Related:
Apple is enhancing Siri and iOS with ‘Apple Intelligence’ alongside OpenAI.