Is ChatGPT Secure? An Evaluation of the AI’s Android App

Good AI, damaged defenses?

AI-powered apps are revolutionizing how we search, be taught, and talk, however the fast tempo of innovation has come at a price: safety is commonly an afterthought.

As a part of our AI App Safety Evaluation Collection, we’ve been scrutinizing a few of the hottest AI instruments on Android for hidden vulnerabilities that would put hundreds of thousands of customers in danger.

After revealing main safety flaws in DeepSeek and Perplexity AI, our newest deep dive focuses on ChatGPT’s Android app—one of the crucial downloaded AI apps globally. Regardless of the sophistication of the AI below the hood, the cellular app’s safety posture is alarmingly weak.

Is ChatGPT protected?

No, probably not.

Once we determined to check the ChatGPT Android app, we assumed we’d be in for a unique sort of audit. In any case, this wasn’t a small workforce racing to ship the following huge factor—this was OpenAI. Backed by billions, powered by essentially the most refined language mannequin on the planet, and downloaded by hundreds of thousands. If anybody had the assets to construct a safe cellular app, it was them.

As an alternative, what we discovered was surprisingly dangerous—even for an organization main the AI race.

Regardless of the intelligence behind the scenes, the app’s safety posture was riddled with points we’ve seen again and again on this sequence. Previous vulnerabilities. Lacking controls. Zero runtime protection.

In brief, the AI could be sensible, however the cellular app? Not a lot. We anticipated higher from ChatGPT.

Safety points within the ChatGPT Android model

Our static and dynamic evaluation of the ChatGPT Android app (v1.2025.133) revealed a number of medium to high-risk vulnerabilities, together with:

1. Hardcoded secrets and techniques

Assault sort
Credential publicity 

Danger degree
Vital

We found hardcoded Google API keys embedded within the app’s code. These could be simply extracted and misused, permitting attackers to impersonate requests or work together with backend programs.

How might ChatGPT repair it?

• Retailer delicate keys securely utilizing atmosphere variables, encrypted vaults, or safe key administration companies.
• Rotate API keys repeatedly and instantly revoke or change any uncovered keys to attenuate the danger of misuse.
• Prohibit API key entry utilizing granular permissions, IP or app restrictions, and the precept of least privilege to forestall unauthorized use.
• Monitor and log API key utilization to detect suspicious exercise and reply rapidly to potential abuse.
• Observe the very best safe key administration practices to keep away from secrets and techniques from being dedicated to model management.

2. No SSL pinning

Assault sort
Impersonation assault 

Danger degree
Vital

The app doesn’t implement SSL certificates pinning. This makes it weak to man-in-the-middle (MitM) assaults, the place an attacker intercepts and manipulates knowledge in transit.

How might ChatGPT repair it?

• Implement SSL certificates pinning to make sure the app solely communicates with trusted servers, blocking man-in-the-middle (MitM) assaults.
• Use established libraries (like OkHttp, TrustKit, or Alamofire) or handbook pinning logic to validate server certificates or public keys throughout each SSL/TLS handshake.
• Recurrently replace and take a look at pinned certificates or keys, and plan for certificates rotation to keep away from connection failures when certificates expire or change.
• Monitor for failed pinning makes an attempt and log incidents to detect potential impersonation or interception makes an attempt.

3. No root detection

Assault sort
Privilege escalation 

Danger degree
Excessive

ChatGPT runs usually on rooted units, leaving it open to escalated privileges, system-level tampering, and knowledge extraction.

How might ChatGPT repair it?

• Combine strong root detection utilizing libraries like RootBeer or SafetyNet.
• Implement a number of, layered root checks—resembling detecting the presence of su binaries, root administration apps, modified system properties, and important listing modifications—to strengthen detection and reduce bypass dangers.
• Run root detection at app startup and through delicate operations, disabling key options or blocking entry if root is detected to forestall privilege escalation and tampering.
• Recurrently replace and take a look at its root detection logic to remain forward of recent rooting and bypass methods.

4. Weak to identified Android assaults

We recognized publicity to a number of high-profile Android vulnerabilities:

• Janus (CVE-2017-13156)

Assault sort
APK modification and malware injection 

Danger degree
Vital

Permits attackers to inject code into signed APKs.

• StrandHogg

Assault sort
Phishing and identification theft 

Danger degree
Vital

Allows malicious apps to hijack UI screens and steal credentials.

• Tapjacking

Assault sort
UI manipulation

Danger degree
Excessive

Tips customers into interacting with hidden UI components.

How might ChatGPT repair these vulnerabilities?

• Maintain all libraries, SDKs, and dependencies updated with the newest safety patches.
• Carry out common safety testing, code opinions, and vulnerability assessments earlier than every launch.
• Monitor app conduct in actual time to detect and reply to rising threats.
• Retailer delicate knowledge utilizing safe storage options, resembling Android Keystore, and implement sturdy entry controls.
• Set up a clear vulnerability disclosure course of and reply quickly to reported points.

5. No hooking or debug detection

Assault sort
UI manipulation

Danger degree
Excessive

The app doesn’t try to detect Frida/Xposed frameworks or block use in debug/ADB-enabled environments, making it straightforward to tamper with runtime conduct.

How might ChatGPT repair this vulnerability?

• Implement runtime checks to detect the presence of hooking frameworks resembling Frida and Xposed.
• Block app execution or prohibit delicate options if hooking instruments or suspicious instrumentation are detected.
• Detect and stop execution in debug or ADB-enabled environments by monitoring system flags and machine standing.
• Obfuscate important code paths and use anti-tampering methods to make runtime manipulation tougher.
• Recurrently replace detection logic to remain forward of recent hooking and debugging instruments.
• Log and alert on any suspected tampering makes an attempt for additional investigation and response.
  
  

Why this issues

These aren’t simply theoretical dangers. Attackers love these items as a result of it really works.

• Knowledge theft: Intercepted classes and uncovered secrets and techniques can compromise customers.
• Abuse and phishing: UI hijacking and tapjacking vulnerabilities are utilized in real-world fraud campaigns.
• Belief erosion: When flagship apps fail to implement fundamental protections, it sends a message to the remainder of the ecosystem—safety is non-compulsory.

Three apps, one message

Throughout this sequence, we examined three of essentially the most talked-about AI apps: DeepSeek, Perplexity, and now ChatGPT. The names differed, however the safety story remained frustratingly related.

We didn’t go into this trying to discover fault. We needed to know how safe AI actually is in your pocket. What we uncovered was a transparent sample of rushed releases and missed fundamentals.

Whether or not it is hardcoded secrets and techniques, lack of SSL pinning, or absence of runtime defenses, every of those apps missed the mark in important areas. These aren’t edge instances—they’re desk stakes in cellular app safety.

What comes subsequent?

As AI apps rush to redefine productiveness, training, and creativity, the infrastructure powering them, particularly on cellular, have to be simply as strong. The present state of AI app safety tells us we’re not there but.

Skilled Opinion

Raghunandan J,  Appknox’s Head of Product & R&D, believes that:

The AI revolution wants a safety revolution alongside it. Innovation with out safety isn’t only a danger—it’s a legal responsibility. By means of this sequence, we got down to spark a dialog—not nearly what’s damaged, however about what wants to vary. I hope it’s served as each a wake-up name and a roadmap.

Act earlier than attackers exploit unnoticed safety gaps. 

Take management of your app safety earlier than it’s uncovered to silent, refined threats that may compromise your knowledge, status, and backside line.

Join a free trial at present and see how Appknox helps safe complete app portfolios with its holistic, binary-based scanning. Be a part of 100+ world enterprises who vouch for Appknox.

Begin Your Free Trial