AI-coded apps

    Can ChatGPT Write Secure Android Code? (Security Audit)

    ChatGPT-generated Android code being audited against OWASP MASVS, revealing weak crypto, a hardcoded key, and an outdated dependency.

    ChatGPT can write Android code that works, but it cannot be relied on to write Android code that is secure, because it reproduces the insecure patterns common in the public code it learned from and often suggests outdated dependency versions with known vulnerabilities. Research finds that developers using AI assistants tend to write less secure code while feeling more confident it is safe, so the risk is not just bad code but false assurance. The practical answer is to treat ChatGPT output as a draft that must be audited against a standard like OWASP MASVS, checking the Android patterns it commonly gets wrong, weak cryptography, hardcoded keys, over-broad permissions, insecure WebView use, plaintext storage, and cleartext networking, and updating any stale dependencies before you ship.

    Short answer

    ChatGPT is a capable coding assistant and an unreliable security engineer, so the honest answer is that it writes functional Android code but not dependably secure Android code. In a Stanford study, participants with an AI assistant wrote significantly less secure code yet were more likely to believe their code was secure, which is the core danger. ChatGPT optimizes for code that runs, learns from public examples that include insecure patterns, and has no knowledge of your threat model, so it defaults to convenient rather than safe. Audit its output against OWASP MASVS, and treat cryptography, permissions, storage, networking, and dependencies as things to verify, not trust.

    Can ChatGPT write secure Android code?

    It can write Android code that compiles and behaves correctly, which is genuinely useful, but security is a different property than correctness, and it is not one ChatGPT reliably delivers. The model predicts plausible code based on patterns in its training data, and a great deal of public Android code contains insecure habits, so the plausible answer is often the insecure one. It also has no context about what your app protects, who might attack it, or which data is sensitive, so it cannot reason about the threats a security engineer would.

    The result is code that looks professional and works in a demo while carrying weaknesses that only surface under attack. ChatGPT will happily produce an encryption helper, a permission request, or a network call that functions, without signaling that the cipher mode is weak, the permission is excessive, or the connection allows cleartext. So the realistic stance is that ChatGPT accelerates writing Android code and shifts the burden of security onto your review, rather than removing it.

    What the research shows

    This is measured, not merely a hunch, and the findings are consistent. The Stanford study by Perry and colleagues had participants complete security-relevant programming tasks with and without an AI assistant, and those with the assistant produced less secure solutions across several tasks while rating their own code as more secure, a combination that quietly increases risk. Overconfidence in generated code is arguably more dangerous than the flaws themselves, because it reduces the scrutiny the code receives.

    Earlier work pointed the same way. A New York University study of GitHub Copilot, an assistant built on similar technology, found that a substantial share of the code it generated in security-relevant scenarios, on the order of 40 percent, contained weaknesses drawn from common vulnerability categories. Different tools and tasks give different numbers, but the pattern holds: AI coding assistants introduce security weaknesses at a meaningful rate. So the sensible expectation for ChatGPT-generated Android code is that some fraction of it will be insecure unless you check.

    The Android patterns ChatGPT gets wrong

    ChatGPT tends to reach for the same insecure Android patterns that fill public code, and they map cleanly to the OWASP MASVS control areas. For cryptography, it may use a weak cipher mode such as AES in ECB, a hardcoded key or initialization vector, or a fast but unsuitable algorithm, because those examples are everywhere. For secrets, it often embeds an API key or token directly in the code, which ships to every device. For permissions, it can request broad or dangerous permissions the feature does not need.

    The pattern continues across the stack. It may configure a WebView with JavaScript and a native bridge or file access without restraint, store sensitive values in plain SharedPreferences, or allow cleartext HTTP by not setting a network security configuration. It commonly exports components or handles deep links without validating the input as untrusted. None of these stops the app working, which is exactly why they slip through, and each is a specific thing to look for when you review generated Android code against MASVS.

    Does it suggest outdated dependencies?

    Yes, and this is one of the most reliable failure modes. ChatGPT's knowledge is fixed at a training cutoff, so it tends to suggest the library versions and APIs that were current in its training data, which may be months or years old. That means it can pin you to a dependency version with a known vulnerability that has since been patched, and it will not warn you, because from its perspective that version is normal. Generated build files and import statements need to be checked against current, maintained releases.

    There is a sharper edge to this. Because the model predicts plausible names, it can occasionally suggest a package that does not exist or misname one, and attackers exploit this by publishing malicious packages under names that AI tools tend to hallucinate, so blindly adding a suggested dependency is a supply-chain risk in itself. So treat every dependency ChatGPT proposes as unverified: confirm the package is real and maintained, and update it to a current version with no outstanding advisories before relying on it.

    What about prompt injection?

    Prompt injection matters when your Android app itself integrates a language model, for example a chatbot or an assistant feature, and it is a risk ChatGPT-generated integration code routinely omits. Generated code tends to send user input and retrieved content straight into the model and to act on the model's output without guardrails, which is exactly the setup prompt injection abuses: hostile text in the input or in fetched data steers the model into unintended actions. Prompt injection sits at the top of the OWASP list of risks for LLM applications, so it is not a fringe concern.

    If your app calls an LLM, the generated code usually needs hardening that ChatGPT will not add unprompted: treat all model input as untrusted, constrain and validate what the model is allowed to do, keep any privileged actions behind server-side checks rather than letting model output trigger them directly, and never place secrets where injected instructions could reach them. So beyond the code ChatGPT writes being insecure, the AI features it wires up need deliberate injection defenses layered on top.

    Where ChatGPT gets it wrong at a glance

    Matching each Android area to the common mistake and the secure approach guides your review. The table below maps them.

    AreaCommon ChatGPT mistakeSecure approach
    CryptographyAES in ECB, hardcoded keyAuthenticated modes, Keystore-held keys
    SecretsAPI key embedded in codeKeep secrets server-side, not in the app
    PermissionsOver-broad or dangerous permissionsRequest only what the feature needs
    WebViewUnrestricted bridge and file accessLimit the bridge; validate loaded content
    StorageSensitive data in plain SharedPreferencesEncrypt with a Keystore-backed key
    DependenciesOutdated or hallucinated packagesVerify and update to maintained versions

    Read this as a review checklist: these are the specific places to inspect in any Android code ChatGPT hands you.

    How to use ChatGPT safely for Android

    You can get value from ChatGPT while managing the risk by treating its output as a first draft rather than a finished, trusted component. State your security requirements in the prompt, since asking explicitly for a specific cipher mode, least-privilege permissions, or server-side secret handling produces better starting code than a bare request. But do not rely on the prompt alone, because the model may still default to insecure patterns, so review every security-relevant line yourself.

    Then close the loop with verification. Check the generated code against the OWASP MASVS areas above, update and confirm every dependency, and never paste real API keys or credentials into a prompt or accept them being embedded in the output. Finally, scan the built app, because a review of the source plus an automated scan of the binary catches far more than either alone. Used this way, ChatGPT speeds up development without you shipping its insecure defaults.

    Audit checklist

    Working through these steps turns generated Android code into code you can trust. The checklist below covers them.

    StepActionDone?
    Review the cryptoReplace weak modes; move keys to the Keystore[ ]
    Remove hardcoded secretsTake keys out of the app; use a backend[ ]
    Trim permissionsKeep only permissions the feature needs[ ]
    Check dependenciesVerify they exist and update to current versions[ ]
    Harden any LLM featuresAdd prompt-injection defenses server-side[ ]
    Scan the buildRun a security scan before you ship[ ]

    The step teams skip most is checking dependencies, since an outdated or hallucinated package can undo an otherwise careful review.

    Where a scan fits

    Reviewing ChatGPT-generated Android code line by line is necessary but slow, and a scan catches the concrete issues it tends to introduce at the binary level, which is exactly where this help is useful.

    A scanner like PTKD.com analyzes your Android build and flags the very patterns ChatGPT commonly produces, such as weak cryptography, hardcoded keys, over-broad permissions, and risky third-party code, by severity and mapped to OWASP MASVS. To be clear about the boundary: PTKD does not rewrite the AI-generated code or make security decisions for you; it reports what needs fixing. It gives you an objective check on generated Android code, so the insecure defaults are caught rather than shipped.

    What to take away

    • ChatGPT writes working Android code but not reliably secure Android code, because it reproduces insecure patterns from public code and lacks your threat context.
    • Research shows AI-assisted developers write less secure code while feeling more confident, so overconfidence is part of the risk.
    • The common Android failures map to OWASP MASVS: weak crypto, hardcoded keys, over-broad permissions, insecure WebView, plaintext storage, and cleartext networking.
    • It frequently suggests outdated or even hallucinated dependencies, so verify every package exists, is maintained, and is current before using it.
    • If your app integrates an LLM, add prompt-injection defenses the generated code omits, and use a tool like PTKD.com to scan the build for these issues.
    • #chatgpt
    • #ai-generated code
    • #android security
    • #owasp masvs
    • #secure coding

    Frequently asked questions

    Can ChatGPT write secure Android code?
    It writes Android code that compiles and works, but not reliably secure code. ChatGPT predicts plausible code from public examples that include insecure patterns, optimizes for code that runs rather than code that is safe, and has no knowledge of your threat model, so it defaults to convenient rather than secure choices. A Stanford study found developers using AI assistants wrote less secure code while feeling more confident. So treat its output as a draft to audit against OWASP MASVS, not as production-ready security, and review cryptography, permissions, storage, networking, and dependencies yourself.
    What security mistakes does ChatGPT commonly make in Android code?
    The patterns map to OWASP MASVS control areas. For cryptography it may use a weak mode like AES in ECB with a hardcoded key or IV. For secrets it often embeds an API key directly in the app. It can request over-broad or dangerous permissions, configure a WebView with an unrestricted native bridge or file access, store sensitive data in plain SharedPreferences, and allow cleartext HTTP by omitting a network security configuration. It also exports components or handles deep links without treating the input as untrusted. None of these break the app, which is why they slip through review.
    Does ChatGPT suggest outdated dependencies?
    Yes, reliably. Its knowledge is fixed at a training cutoff, so it tends to suggest library versions and APIs that were current in its training data, which can pin you to a version with a known, since-patched vulnerability, and it will not warn you. Worse, because it predicts plausible names, it can suggest a package that does not exist or is misnamed, and attackers publish malicious packages under names AI tools tend to hallucinate. So verify every suggested dependency is real and maintained, and update it to a current version with no outstanding advisories.
    Is prompt injection a concern with ChatGPT-generated code?
    It is, when your Android app itself integrates a language model such as a chatbot feature. Generated integration code routinely sends user input and retrieved content straight into the model and acts on the output without guardrails, which is exactly what prompt injection abuses, and prompt injection is the top risk in the OWASP list for LLM applications. So harden any LLM feature the generated code wires up: treat all model input as untrusted, constrain what the model can do, keep privileged actions behind server-side checks, and keep secrets out of the model's reach.
    How do I use ChatGPT safely for Android development?
    Treat its output as a first draft. State your security requirements in the prompt, since asking explicitly for authenticated crypto, least-privilege permissions, and server-side secrets yields better starting code, but do not rely on the prompt alone because the model may still default to insecure patterns. Review every security-relevant line against OWASP MASVS, verify and update every dependency, never paste real API keys into a prompt or accept them embedded in output, and scan the built app. Source review plus an automated binary scan catches far more than either alone.
    Is AI-generated code less secure than human-written code?
    Studies indicate AI assistants introduce security weaknesses at a meaningful rate and, importantly, increase developers' confidence in insecure code. A Stanford study found AI-assisted participants wrote less secure code while believing it was more secure, and a New York University study of Copilot found roughly 40 percent of generated code in security-relevant scenarios contained weaknesses. The takeaway is not that AI code is unusable, but that it needs the same or greater scrutiny than human code, since the false assurance it creates can reduce the review it actually receives.

    Keep reading

    Scan your app in minutes

    Upload an APK, AAB, or IPA. PTKD returns an OWASP-aligned report with copy-paste fixes.

    Try PTKD free