What a train wreck, there are thousand more apps in store that do exactly this because its the easiest way to use openAI without having to host your own backend/proxy.

I have spend quite some time protecting my apps from this scenario and found a couple of open source projects that do a good job as proxys (no affiliation I just used them in the past):

- https://github.com/BerriAI/litellm - https://github.com/KenyonY/openai-forward/tree/main

but they still lack other abuse protection mechanism like rate limitting, device attestation etc. so I started building my own open source SDK - https://github.com/brahyam/Gateway

Really nice post, but I want to see Bad Apple next.

> What the fuck, they left ADB enabled. Well, this makes it a lot easier.

Thinking that was all, but then;

> Holy shit, holy shit, holy shit, it communicates DIRECTLY TO OPENAI. This means that a ChatGPT key must be present on the device!

Oh my gosh. Thinking that is it? Nope!

> SecurityStringsAPI which contained encrypted endpoints and authentication keys.

This is one of the best things ive read on here in a long time. Definitely one of the greatest "it runs doom" posts ever.

That's some very amateur programming and prompting that you've exposed.

A fair consumer protection imperative might be found in requiring system prompts and endpoints be disclosed. This is a good example to kick that off with, as it presents a national security issue.

It's always funny to me when people go to the trouble of editorializing a title, yet in doing so make the title even harder to parse.

> “Our technical team is currently working diligently to address the issues you raised”

Oh now you’re going to be diligent. Why do I doubt that?

Sure let's start giving out participation trophies in security. Nothing matters anymore.

Good write up. At some point we have to just seize these Chinese malware adjacent crap at the borders already