Exploring ChatGPT App Ecosystem: Distribution, Deployment and Security

Loading...
Thumbnail Image
File version

Accepted Manuscript (AM)

Author(s)
Yan, C
Ren, R
Meng, MH
Wan, L
Ooi, TY
Bai, G
Griffith University Author(s)
Primary Supervisor
Other Supervisors
Editor(s)
Date
2024
Size
File type(s)
Location

Sacramento, CA, United States

License
Abstract

ChatGPT has enabled third-party developers to create plugins to expand ChatGPT's capabilities. These plugins are distributed through OpenAI's plugin store, making them easily accessible to users. With ChatGPT as the backbone, this app ecosystem has illustrated great business potential by offering users personalized services in a conversational manner. Nonetheless, many crucial aspects regarding app development, deployment, and security of this ecosystem have yet to be thoroughly studied in the research community, potentially hindering a broader adoption by both developers and users. In this work, we conduct the first comprehensive study of the ChatGPT app ecosystem, aiming to illuminate its landscape for our research community. Our study examines the distribution and deployment models in the integration of LLMs and third-party apps, and assesses their security and privacy implications. We uncover an uneven distribution of functionality among ChatGPT plugins, highlighting prevalent and emerging topics. We also identify severe flaws in the authentication and user data protection for third-party app APIs integrated within LLMs, revealing a concerning status quo of security and privacy in this app ecosystem. Our work provides insights for the secure and sustainable development of this rapidly evolving ecosystem.

Journal Title
Conference Title

ASE '24: Proceedings of the 39th IEEE/ACM International Conference on Automated Software Engineering

Book Title
Edition
Volume
Issue
Thesis Type
Degree Program
School
Publisher link
Patent number
Funder(s)
Grant identifier(s)
Rights Statement
Rights Statement

This work is covered by copyright. You must assume that re-use is limited to personal use and that permission from the copyright owner must be obtained for all other uses. If the document is available under a specified licence, refer to the licence for details of permitted re-use. If you believe that this work infringes copyright please make a copyright takedown request using the form at https://www.griffith.edu.au/copyright-matters.

Item Access Status
Note
Access the data
Related item(s)
Subject
Persistent link to this record
Citation

Yan, C; Ren, R; Meng, MH; Wan, L; Ooi, TY; Bai, G, Exploring ChatGPT App Ecosystem: Distribution, Deployment and Security, ASE '24: Proceedings of the 39th IEEE/ACM International Conference on Automated Software Engineering, 2024, pp. 1370-1382