ChatGPT and other artificial intelligence offerings have become hot talking points in sectors including private banking and wealth management. The study of apps that make use of such tech finds some wide gaps between promises about privacy, and the reality.

Research from Singapore-based data governance and advisory firm Straits Interactive says there are big gaps between declared safety practices of apps using artificial intelligence and how they behave in practice – creating threats to privacy for individuals and businesses. 

The findings from Straits Interactive’s research arm, The Data Protection Excellence Centre, were based on examining 100 mobile “clone apps” using OpenAI's GPT APIs on the Google Play Store.

The findings come at a time when ChatGPT and other artificial intelligence offerings have become hot talking points in sectors including private banking and wealth management, raising questions about their productive potential, as well as about problems such as intellectual property rights protection.

The study tried to check on the declared data safety information of ChatGPT-based apps and delved into the permissions they actually solicit, particularly regarding personally identifiable information (PII). The research looked at apps selected from the Google Play Store with the search term “ChatGPT,” representing a combined total of 44 million downloads.

The study found that 46 per cent of the apps seemingly confidently asserted on the app download page (within the Data Safety Section) that they did not collect any PII. Contrarily, the App Permissions Section indicates that chat conversations, classified under PII, are vulnerable to harvesting, the report said. 

Some 68 per cent of the apps claimed that there was no third-party PII sharing, but their reliance on the application programming interface (API) from OpenAI – a third party – directly contradicts this claim. Alarmingly, 42 per cent admitted that once the user PII is collected, “the data can’t be deleted.”

“The disparities cast shadows over the privacy practices of these apps, especially considering that 58 per cent of them have user ratings averaging 4.3, probably indicating their ease of use and/or effectiveness, etc. rather than taking data privacy risks into account,” Straits Interactive said. 

Among the 46 apps which claimed not to collect any PII, 29 actually requested at least one app permission that would enable them to collect PII, the research said.