Stanford Research Fellow Warns of Leaking OpenAI API Keys in iOS and macOS ChatGPT Apps

Cyril Zakka, MD, a Postdoctoral Research Fellow at Stanford Cardiothoracic Surgery and Hiesinger Lab, recently raised concerns about the leaking of private OpenAI API keys in iOS and macOS ChatGPT apps. According to Zakka, at least 50% of these popular apps are inadvertently revealing their API keys through their property lists and app binaries, posing a significant security risk to developers and users alike.

As AI technologies become increasingly integrated into applications, ensuring the security of sensitive data has become paramount. Zakka’s findings reveal that many developers are storing their API keys within the ‘Info.plist’ file or as plain strings within their code. Unfortunately, both of these methods make it relatively easy for attackers to extract the keys using reverse-engineering tools.

The ‘Info.plist’ file is a property list file that typically contains application metadata and user settings. Storing an API key within this file makes it particularly vulnerable since it can be accessed in plain text without requiring sophisticated tools or significant effort. Similarly, storing an API key as a plain string within the code may seem like a safer option, but even in compiled executables, reverse-engineering tools can still reveal the key in plain sight.

Developers urged to adopt alternative methods for securing API keys to protect sensitive data and user privacy

In light of these security concerns, experts have weighed in on the issue and offered several alternative methods for securing API keys, ultimately aiming to prevent unauthorized access and potential misuse:

1. Use a Backend for API Communication: Developers should avoid storing sensitive information, including API keys, in client-side applications. Instead, apps should only communicate with OpenAI’s API through a backend owned by the developer. This approach keeps sensitive data away from client-side applications, reducing the risk of exposure.
2. User-Provided API Keys: Another option is to have users provide their own API key. This method shifts the responsibility of key management to the user while still enabling the app’s features.
3. Backend Requests with Authentication: Developers can also perform requests on the backend after verifying user authentication and deducting from their quota. This method ensures that only authenticated users with appropriate access can make requests to the API.
4. Generate Per-User Subkeys: If supported by the upstream service, developers can generate a per-user subkey with a quota. This approach limits the potential damage caused by a compromised API key by restricting its usage.
5. Implement Abuse Controls: Developers can implement controls to combat abuse, such as rate limiting and IP blacklisting. These measures can help protect the app from malicious actors and ensure that it is used according to its intended purpose.

By adopting these alternative methods for securing API keys, developers can significantly reduce the risk of unauthorized access, financial loss, or potential legal issues. Following the principle of least privilege when providing users access to features and services is crucial to ensuring that applications are used according to their intended purpose, ultimately protecting both developers and users.

Cyril Zakka’s revelation serves as a timely reminder for developers to prioritize security and privacy when integrating AI technologies into their applications. By implementing the suggested strategies, they can not only safeguard their API keys and sensitive data but also ensure the continued trust of their users.

I know iOS/macOS ChatGPT apps are all the rage at the moment but looks like at least 50% of them are leaking their private @OpenAI API keys through their property lists/app binaries. (n=10)

I've sent emails to the developers, but here's a quick thread: 👇🏻 pic.twitter.com/vM1vWDRNAM

— Cyril Zakka, MD (@cyrilzakka) April 13, 2023

{
"seed": 697440015,
"used_random_seed": true,
"negative_prompt": "",
"num_outputs": 1,
"num_inference_steps": 50,
"guidance_scale": 7.5,
"width": 512,
"height": 512,
"vram_usage_level": "high",
"sampler_name": "euler",
"use_stable_diffusion_model": "Dreamshaper_3.32_baked_vae_clip_fix",
"use_vae_model": "vae-ft-mse-840000-ema-pruned",
"stream_progress_updates": true,
"stream_image_progress": false,
"show_only_filtered_image": true,
"block_nsfw": false,
"output_format": "jpeg",
"output_quality": 75,
"output_lossless": false,
"metadata_output_format": "json",
"original_prompt": "Stanford Research Fellow Warns of Leaking OpenAI API Keys in iOS and macOS ChatGPT Apps, deepleaps.com",
"active_tags": [
"Beautiful Lighting",
"Detailed Render",
"Intricate Environment",
"CGI",
"Cinematic",
"Dramatic",
"HD"
],
"inactive_tags": [],
"use_upscale": "RealESRGAN_x4plus",
"upscale_amount": "4",
"prompt": "Stanford Research Fellow Warns of Leaking OpenAI API Keys in iOS and macOS ChatGPT Apps, deepleaps.com, Beautiful Lighting, Detailed Render, Intricate Environment, CGI, Cinematic, Dramatic, HD",
"use_cpu": false
}