ChatGPT Mac app under fire after storing chats in plain text


Published 8 Jul 2024


Convenience quickly turned into concern among Mac users after a developer pointed out that the macOS app for ChatGPT was storing conversations in plain text, a flaw that made user data vulnerable to security risks.

In a post uploaded on Threads, developer Pedro José Pereira Vieito initially raised the concern, writing, “The OpenAI ChatGPT app on macOS is not sandboxed and stores all the conversations in plain-text in a non-protected location: ~/Library/Application\ Support/com.openai.chat/conve…{uuid}/.” This meant that any application and even malicious software could access the conversations without permission.

The issue was discovered due to Vieito’s curiosity about why OpenAI decided against using Apple’s sandbox protections. This led him to check the location where data from the ChatGPT app were stored.

“MacOS has blocked access to any user private data since macOS Mojave 10.14 (6 years ago!). Any app accessing private user data (Calendar, Contacts, Mail, Photos, any third-party app sandbox, etc.) now requires explicit user access. OpenAI chose to opt out of the sandbox and store the conversations in plain text in a non-protected location, disabling all of these built-in defenses,” he explained.

Since its first release in June, the ChatGPT app for Mac has only been available through OpenAI’s website. This has allowed the app to bypass Apple’s sandboxing requirements, which other software distributed through the Mac App Store follows.
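Whether an app has opted in to the sandbox described above is visible in its code-signing entitlements. The following is an added example, not code from the article, Vieito or OpenAI: it reads an entitlements plist and reports the sandbox posture, and the sample entitlements, bundle identifier and function name are constructed for illustration.

```python
import plistlib

SANDBOX_KEY = "com.apple.security.app-sandbox"
EXCEPTION_PREFIX = "com.apple.security.temporary-exception."


def audit_entitlements(plist_bytes: bytes) -> dict:
    """Summarise sandbox posture from an entitlements plist (XML or binary).

    The input is what `codesign -d --entitlements - --xml <App.app>` prints
    on recent macOS; empty input means the binary carries no entitlements.
    """
    ent = plistlib.loads(plist_bytes) if plist_bytes.strip() else {}
    # The sandbox is on only when the key is present and explicitly true.
    sandboxed = ent.get(SANDBOX_KEY) is True
    # Temporary exceptions widen what a sandboxed app may reach.
    exceptions = sorted(k for k in ent if k.startswith(EXCEPTION_PREFIX))
    if not sandboxed:
        verdict = "not sandboxed"
    elif exceptions:
        verdict = "sandboxed with exceptions"
    else:
        verdict = "sandboxed"
    return {"sandboxed": sandboxed, "exceptions": exceptions, "verdict": verdict}


# Constructed sample entitlements (not taken from any real app).
UNSANDBOXED = plistlib.dumps({
    "com.apple.application-identifier": "EXAMPLETEAM.com.example.chat",
    "com.apple.developer.team-identifier": "EXAMPLETEAM",
})
SANDBOXED = plistlib.dumps({
    SANDBOX_KEY: True,
    "com.apple.security.network.client": True,
})
SANDBOXED_WITH_EXCEPTION = plistlib.dumps({
    SANDBOX_KEY: True,
    EXCEPTION_PREFIX + "files.home-relative-path.read-write": ["/Documents/"],
})

if __name__ == "__main__":
    samples = {"unsandboxed": UNSANDBOXED, "sandboxed": SANDBOXED,
               "with exception": SANDBOXED_WITH_EXCEPTION, "no entitlements": b""}
    for name, blob in samples.items():
        print(f"{name}: {audit_entitlements(blob)['verdict']}")
```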

Vieito also included a video in his Threads post, demonstrating how easy it was to read a user’s ChatGPT conversation history with a simple click of a button using a separate app he developed called “ChatGPTStealer.”

To verify this, Jay Peters of The Verge tested the app himself and found that he successfully accessed his conversations with ChatGPT after locating the plain-text file on his computer and changing the file name.

OpenAI immediately reacted and rolled out an updated version of its macOS app, which now encrypts stored conversations.

“We are aware of this issue and have shipped a new version of the application which encrypts these conversations. We’re committed to providing a helpful user experience while maintaining our [high-security] standards as our technology evolves,” OpenAI’s spokesperson Tanya Christianson said in an interview.

Peters confirmed that the latest version of the ChatGPT app for macOS has addressed the vulnerability of the stored chats, noting that he could no longer see the conversations in plain text using Vieito’s ChatGPTStealer.

However, while the update resolved this flaw, the app remains non-compliant with Apple’s sandboxing requirements.

Presently, the desktop version of ChatGPT is only available for Macs running macOS 14 or newer, but OpenAI is expected to launch the app on Windows before the end of the year.