> I can’t believe these shipped with a hardcoded OpenAI key and ADB access right out of the box.

As someone with a lot of experience in the mobile app space, and tangentially in the IoT space, I can most definitely believe this, and I am not surprised in the slightest.

Our industry may "move fast", but we also "break things" frequently and don't have nearly the engineering rigor found in other domains.

It was a good thing for user privacy that the keys were directly on the device, it is only in DAN mode that a copy of the chats were sent.

So eventually if they remove the keys from the device, messages will have to go through their servers instead.

> It was a good thing for user privacy that the keys were directly on the device

You want to think through that one again? With the OpenAI key on device it means anyone could use that key to call (and bill) OpenAI's APIs. It's absolutely not feasible to ship the OpenAI keys on device.

Sounds good to me, the company I purchased the device from, takes the risk, instead of putting my own privacy at risk. Sounds like a good deal.

This is not a serious argument.

Hardcoded API keys and poorly secured backend endpoints are surprisingly common in mobile apps. Sort of like how common XSS/SQLi used to be in webapps. Decompiling an APK seems to be a slightly higher barrier than opening up devtools, so they get less attention.

Since debugging hardware is an even higher threshold, I would expect hardware devices this to be wildly insecure unless there are strong incentive for investing in security. Same as the "security" of the average IoT device.

Eventually someone is going to get a bill for the OpenAPI key usage. That will provide some incentive. (Incentive to just rotate the key and brick all the devices rather than fix the problem, most likely.

> (Incentive to just rotate the key and brick all the devices rather than fix the problem, most likely.

But that at least turns it into something customers will notice. And companies already have existing incentives for dealing with that.

At that stage you just rotate the company name or branding...

Sure. But then you cannot benefit from building up a good reputation and charge people extra for it.

(There's a reason Apple can charge crazy markups.)

Had you ever heard of IKKO before this? I hadn't, and I'm at least adjacent to the hifi and audio nerd crowd.

Apple have a reputation and brand that allows them to charge premium prices.

IKKO seems, at least to me, to be effectively a disposable brand. If their reputation goes bad, their only reals costs are setting up a new website/AliExpress Store/Amazon seller account.

To expand on what I was trying to say:

Yes, you can run with disposable brands. It's a perfectly viable business strategy in many cases.

However: if you do that you are missing out on the benefits of building a good reputation. Even in the cases, where your product _is_ actually good.

So another perfectly valid business strategy is to build a longer lasting brand. Like Apple has done. (Or countless other companies.)

In most markets we see both kinds of strategies at play. As a customer, you can usually decide which kind of strategy you give your money to.

The IOT and embedded space is simultaneously obsessed with IP protection, fuse protecting code etc, and incapable of managing the life cycle of secrets. I worked at one company that actually did it well on-device, but neglected they had to ship their testing setup overseas including certain keys. So even if you couldn't break in to the device you could 'acquire' one of the testing devices and have at it

I think we'll see plenty of this as the wave of vibe-coded apps starts rolling in.