ChatGPT Clone Apps Collecting Personal Data on iOS, Play Store

On Android devices, one of the apps analyzed by researchers has more than 100,000 downloads, tracks, and shares location data with ByteDance and Amazon, etc. ChatGPT, the AI software, has already taken the Internet by storm, and that is why cybercriminals are looking to exploit the opportunity for malicious purposes. The bigger question is, does ChatGPT have official apps for iOS or Play Store? Short answer: No, but we asked ChatGPT about it. For your information, Chat Generative Pre-Trained Transformer, aka ChatGPT, is a chatbot launched in November 2022 by OpenAI. It is part of OpenAI's GPT-3 family of language models and is compatible with both reinforcement and supervised learning techniques. According to Top10VPN, unofficial clones and fake apps of the ChatGPT chatbot are available on both the Apple App Store and Google Play Store when they search for the term "ChatGPT.". The researchers analyzed the ten highest-ranking apps, most of which relied on the new ChatGPT-3 technology. They used open-source tools, such as mitmproxy, to examine network traffic in their testing environment and detect risky functionalities in the Android apps' code. They also analyzed the clone apps' privacy policies and store pages to understand each app's data collection and sharing policies. On Android devices, two clone apps collect/share users' IP addresses with 3rd parties, whereas one app, identified as ChatGPT AI Writing Assistant with more than 100,000 downloads, tracks/shares location data with ByteDance and Amazon, etc. Three of these apps ask for permissions that compromise users' privacy, including recording audio permission, even though in-app speech functions are unavailable. All clone apps feature code with privacy impacts and lack the relevant permissions, including access to location, camera, photos, videos, and read/write storage. Nine apps exploit OpenAI's GPT-3 technology, which is currently free, and three apps charge for access. The full list with in-depth details of how and which data these apps collect is available here. On iOS devices, the ten top-ranked clone apps collected shared data with inadequate privacy protections. Two apps logged Q&A content, and five allowed third-party trackers to fingerprint devices. According to Top10VPN's report, more than 300 server requests were launched within four minutes by one app. Seven apps did not follow the data collection practices according to their official privacy labels. Nine apps exploited OpenAI's GPT-3 technology, and eight apps charged up to $15,000 per year for access. All the top-ten ChatGPT apps in the Google Play Store collected shared data with poor privacy protections. The apps shared numerous data points about user devices, such as screen size or network operator. This may appear harmless on its own, but it can be used for fingerprint devices. Though none of these apps have malicious tendencies, one app was found to be sharing data with ByteDance. Many apps are charging the user to access an available free app, which raises ethical concerns. Regarding user data privacy, TalkGPT was the most offensive of all apps, as it tracks users' precise location data and transfers it to ByteDance, Amazon, Appodeal, AdTech, and InMobi. It also seeks permission to record audio and collects users' IP addresses and device fingerprints, which it shares with five third parties, including AdColony, Facebook, Criteo, Everest Technologies, and Google. Many clone apps mine the personal data of ChatGPT's userbase, which had exceeded one million users in less than a week of its launch.

This Cyber News was published on www.hackread.com. Publication date: Wed, 01 Feb 2023 03:02:02 +0000


Cyber News related to ChatGPT Clone Apps Collecting Personal Data on iOS, Play Store

ChatGPT Clone Apps Collecting Personal Data on iOS, Play Store - On Android devices, one of the apps analyzed by researchers has more than 100,000 downloads, tracks, and shares location data with ByteDance and Amazon, etc. ChatGPT, the AI software, has already taken the Internet by storm, and that is why ...
1 year ago Hackread.com
How to perform a proof of concept for automated discovery using Amazon Macie | AWS Security Blog - After reviewing the managed data identifiers provided by Macie and creating the custom data identifiers needed for your POC, it’s time to stage data sets that will help demonstrate the capabilities of these identifiers and better understand how ...
1 week ago Aws.amazon.com
XSS Marks the Spot: Digging Up Vulnerabilities in ChatGPT - With its widespread use among businesses and individual users, ChatGPT is a prime target for attackers looking to access sensitive information. In this blog post, I'll walk you through my discovery of two cross-site scripting vulnerabilities in ...
7 months ago Imperva.com
How enterprises are using gen AI to protect against ChatGPT leaks - ChatGPT is the new DNA of shadow IT, exposing organizations to new risks no one anticipated. Enterprise workers are gaining a 40% performance boost thanks to ChatGPT based on a recent Harvard University study. A second study from MIT discovered that ...
8 months ago Venturebeat.com
How Are Security Professionals Managing the Good, The Bad and The Ugly of ChatGPT? - ChatGPT has emerged as a shining light in this regard. Already we're seeing the platform being integrated into corporate systems, supporting in areas such as customer success or technical support. The bad: The risks surrounding ChatGPT. Of course, ...
9 months ago Cyberdefensemagazine.com
ChatGPT Extensions Could be Exploited to Steal Data and Sensitive Information - API security professionals Salt Security have released new threat research from Salt Labs highlighting critical security flaws within ChatGPT plugins, presenting a new risk for enterprises. Plugins provide AI chatbots like ChatGPT access and ...
6 months ago Itsecurityguru.org
Google Online Security Blog: I/O 2024: What's new in Android security and privacy - As their tactics evolve in sophistication and scale, we continually adapt and enhance our advanced security features and AI-powered protections to help keep Android users safe. Today, we're announcing more new fraud and scam protection features ...
4 months ago Security.googleblog.com
The Limitations of Google Play Integrity API - This overview outlines the history and use of Google Play Integrity API and highlights some limitations. We also compare and contrast Google Play Integrity API with the comprehensive mobile security offered by Approov. Google provides app attestation ...
9 months ago Securityboulevard.com
Researchers Uncover Simple Technique to Extract ChatGPT Training Data - Can getting ChatGPT to repeat the same word over and over again cause it to regurgitate large amounts of its training data, including personally identifiable information and other data scraped from the Web? The answer is an emphatic yes, according to ...
10 months ago Darkreading.com
Are you sure you want to share that with ChatGPT? How Metomic helps stop data leaks - Open AI's ChatGPT is one of the most powerful tools to come along in a lifetime, set to revolutionize the way many of us work. Workers aren't content to wait until organizations work this question out, however: Many are already using ChatGPT and ...
8 months ago Venturebeat.com
Data Insecurity: Experts Sound the Alarm on 4 Apps Putting User Privacy at Risk - Even though many of us rely on apps to entertain us, guide us, manage our exercise, and connect with family and friends, they are notoriously hard to trust. In an age when technology is constantly evolving, it is almost impossible to tell if a ...
9 months ago Cysecurity.news
Crypto scam apps infiltrate Apple App Store and Google Play - Operators of high-yielding investment scams known as "Pig butchering" have found a way to bypass the defenses in Google Play and Apple's App Store, the official repositories for Android and iOS apps. Pig butchering scams have been happening for a few ...
1 year ago Bleepingcomputer.com
Google Researchers' Attack Prompts ChatGPT to Reveal Its Training Data - A team of researchers primarily from Google's DeepMind systematically convinced ChatGPT to reveal snippets of the data it was trained on using a new type of attack prompt which asked a production model of the chatbot to repeat specific words forever. ...
10 months ago 404media.co
Privacy Policy 2024 - Personal information is any information that identifies you or would enable someone to contact you, which may include your name, email address, phone number and other non-public information that is associated with such information. Information We ...
9 months ago Bitsight.com
Data De-Identification: Balancing Privacy, Efficacy & Cybersecurity - COMMENTARY. Global data privacy laws were created to address growing consumer concerns about individual privacy. These laws include several best practices for businesses about storing and using consumers' personal data so that the exposure of ...
10 months ago Darkreading.com
Pig Butchering: Fake Trading Apps Target Crypto on Apple, Google Play Stores - Pig Butchering scam targets crypto users with fake trading apps on Apple and Google Play Stores. These apps, found on Apple’s App Store and Google Play, and on phishing sites, are part of a Pig Butchering scam targeting cryptocurrency investors ...
1 week ago Hackread.com
What Do Apple's EU App Store Changes Mean for App Developers? - In order to comply with the European Union's Digital Markets Act, Apple announced on Jan. 25 changes to its payment system for app sellers in the EU, and that it was letting go of the hold its App Store has over iOS app distribution in the EU. As ...
8 months ago Techrepublic.com
Google to Announce Chat-GPT Rival On February 8 Event - There seems to be a lot of consternation on Google's part at the prospect of a showdown with ChatGPT on the February 8 event. The search giant has been making moves that suggest it is preparing to enter the market for large language models, where ...
1 year ago Cybersecuritynews.com
SpyLoan Android malware on Google Play downloaded 12 million times - More than a dozen malicious loan apps, which are generically named SpyLoan, have been downloaded more than 12 million times this year from Google Play but the count is much larger since they are also available on third-party stores and suspicious ...
10 months ago Bleepingcomputer.com
New Xamalicious Android malware installed 330k times on Google Play - A previously unknown Android backdoor named 'Xamalicious' has infected approximately 338,300 devices via malicious apps on Google Play, Android's official app store. McAfee, a member of the App Defense Alliance, discovered 14 infected apps on Google ...
9 months ago Bleepingcomputer.com
More Android apps riddled with malware spotted on Google Play - An Android remote access trojan known as VajraSpy was found in 12 malicious applications, six of which were available on Google Play from April 1, 2021, through September 10, 2023. The malicious apps, which have now been removed from Google Play but ...
8 months ago Bleepingcomputer.com
New Wave of 'Anatsa' Banking Trojans Targets Android Users in Europe - The campaign has been ongoing for at least four months and is the latest salvo from the operators of the malware, which first surfaced in 2020 and has previously notched victims in the US, Italy, United Kingdom, France, Germany, and other countries. ...
7 months ago Darkreading.com
Over 90 malicious Android apps with 5.5M installs found on Google Play - Over 90 malicious Android apps were found installed over 5.5 million times through Google Play to deliver malware and adware, with the Anatsa banking trojan seeing a recent surge in activity. Anatsa is a banking trojan that targets over 650 ...
4 months ago Bleepingcomputer.com
OpenAI's New GPT Store May Carry Data Security Risks - A new kind of app store for ChatGPT may expose users to malicious bots, and legitimate ones that siphon their data to insecure, external locales. ChatGPT's fast rise in popularity, combined with the open source accessibility of the early GPT models, ...
9 months ago Darkreading.com
OpenAI rolls out imperfect fix for ChatGPT data leak flaw - OpenAI has mitigated a data exfiltration bug in ChatGPT that could potentially leak conversation details to an external URL. According to the researcher who discovered the flaw, the mitigation isn't perfect, so attackers can still exploit it under ...
9 months ago Bleepingcomputer.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)