I am very disappointed because I was trying the OpenAI features, but only a couple of days after putting in my OpenAI API token I received a message from them and my account was deactivated.
This means that API token safety in Plexamp is nonexistent, because my key was stolen and used by someone in something violating OpenAI rules.
This is frustrating since I have done nothing wrong and trusted that Plexamp would be safe, and that is not the case.
I am now 3 weeks with my OpenAI and ChatGPT account deactivated, waiting for my appeal to show them that Plexamp was the problem, and sadly it is not an app we can trust.
Your API key was used in multiple places, and Plexamp was one of these places, and the key was stolen from elsewhere.
Your API key was used in the Plexamp mobile app, and some entity very good at hacking was able to extract the key from your device (either via remotely accessing your mobile device, or via malware), in which case you have a lot more to worry about.
Your API key was used in the Plexamp desktop system, and somebody had physical access to your account/machine or hacked it remotely, in which case you also have a lot more to worry about.
In the latter two cases, I would strongly suggest you check for malware.
Plexamp doesn’t send the API anywhere other than the OpenAI servers, via encrypted network communications.
Thank you for your answer. I am still waiting for OpenAI's investigation, conclusion and account reactivation.
Regarding your points:
That was my first experience with OpenAI and the API, and I didn't use it anywhere else. I created the API and pasted it directly into Android Plexamp, no storage anywhere.
I am 53 years old and I have lived with technology since the internet was a baby. So security was and is always my main concern.
I am extremely careful with the source of any app or external links I use, both on PC and smartphone, and I regularly scan for malware and viruses.
I use 2- and 3-factor authentication in every service and site available: password, biometric and physical key or passkey.
In 40 years of technology interaction I had ZERO leakage or hacking of any content in my machines.
I don't doubt your word on the way the API flows between Plexamp and the OpenAI servers, but if a good hacker somehow managed to remotely access my smartphone, he surely wouldn't worry about the OpenAI API token, because I have way more important and worthy information in there. So at this point I have to consider all options, including some “open door” in the Plexamp Android app that gives access to account details, because the API is stored in the account, so it can be accessed not when it is communicating with the OpenAI servers but simply by accessing account details and AI resources.
As I said, I am checking all scenarios, but no conclusions until now.
This is not the case. For someone to access the OpenAI key on your Android device they would need to have badly compromised your phone such that they could read private data.
Again, the API key does not leave Plexamp except in an HTTPS request to OpenAI.
When enabling the 2FA you need to sign directly into your Plex account using your Plex email address or user name, as well as your Plex password (so maybe use a browser incognito window).
If you can’t remember your password or are otherwise having trouble accessing your account, you can make use of our “Forgot your password?” page (https://app.plex.tv/auth#?resetPassword) to have the password reset to a known good value. Please see the following article with further details: https://support.plex.tv/articles/201862428-plex-accounts/ . If you request more than one reset email, please keep in mind that only the reset link in the most recent reset email we sent will work.
In some cases, that newest email may not have arrived yet. Requesting a new reset will invalidate all previous ones.