Google Gemini iOS Information Disclosure Vulnerability via Public Link Sharing

A vulnerability in Google Gemini for iOS allows users to unintentionally share their entire conversation history when they only intended to share a single message. This occurs through a public link that can be accessed by anyone, without any warning or authentication. The issue does not exist on the Android or web versions of Gemini.

Impact

The vulnerability leads to unauthorized exposure of full conversation histories, including sensitive personal, medical, or financial information, through publicly accessible links.

Reproduction

To reproduce this vulnerability, open Google Gemini on an iOS device and create a multi-message conversation. Select a single prompt near the bottom of the conversation and tap 'Share via public link.' When the link is opened in a private or incognito session, the entire conversation history will be exposed, rather than just the selected message.

Remediation

Users are advised not to use the 'share via public link' option in Google Gemini for iOS until the vulnerability is fixed. Instead, the 'copy-paste' method can be used to share individual prompts.