New Android Pixnapping attack steals MFA codes pixel-by-pixel

A new side-channel attack, dubbed Pixnapping, has emerged as a significant threat, allowing malicious Android applications to extract sensitive data without requiring any permissions. This innovative attack method involves stealing pixels displayed by applications or websites and reconstructing them to reveal private information, including chat messages from secure communication apps like Signal, emails from Gmail, and two-factor authentication (2FA) codes from Google Authenticator.

Developed by a team of seven researchers from American universities, Pixnapping works on fully patched modern Android devices and can exfiltrate 2FA codes in under 30 seconds. While Google attempted to address this vulnerability (CVE-2025-48561) in the September Android update, the researchers successfully bypassed the mitigation measures. A more robust solution is anticipated in the upcoming December 2025 Android security update.

How Pixnapping works

The attack begins with a malicious app exploiting Android’s intents system to launch a target app or webpage, so that its window is processed by the system’s composition engine, SurfaceFlinger. This engine is responsible for rendering multiple visible windows simultaneously.

Next, the malicious app identifies the target pixels—such as those forming a 2FA code—by executing various graphical operations to determine whether they are white or non-white. The researchers introduced a ‘masking activity’ that occupies the foreground, concealing the target app. The attacker then modifies the cover window to display “all opaque white pixels except for the pixel at the attacker-chosen location, which is set to be transparent.”

During the Pixnapping attack, the isolated pixels are enlarged, taking advantage of a peculiar behavior in SurfaceFlinger that creates a stretch-like effect when applying blur.

[Figure: Blurred 1×1 sub-region stretched into a larger colored patch. Source: pixnapping.com]

Once the victim’s pixels are recovered, an OCR-style technique is employed to differentiate each character or digit. The researchers liken the process to a malicious app taking a screenshot of content it should not access.

To facilitate data theft, the researchers utilized the GPU.zip side-channel attack, which exploits graphical data compression in contemporary GPUs to leak visual information. Although the data leakage rate is relatively low, ranging from 0.6 to 2.1 pixels per second, the optimizations demonstrated by the researchers indicate that sensitive data, such as 2FA codes, can be extracted in less than 30 seconds.

Impact on Android

The researchers showcased Pixnapping on various devices, including Google Pixel 6, 7, 8, and 9, as well as Samsung Galaxy S25, all running Android versions 13 through 16, revealing their vulnerability to this new attack. Given that the mechanisms enabling Pixnapping are present in older Android versions, it is likely that a vast majority of Android devices and earlier OS versions are also at risk.

In an extensive analysis of nearly 100,000 Play Store apps, the researchers identified hundreds of thousands of invocable actions through Android intents, underscoring the broad applicability of this attack. The technical paper highlights several examples of potential data theft:

  • Google Maps: Timeline entries occupy approximately 54,264–60,060 pixels; unoptimized recovery of an entry takes around 20–27 hours across devices.
  • Venmo: Activities (profile, balance, transactions, statements) are accessible via implicit intents; account-balance regions range from 7,473–11,352 pixels and can leak in approximately 3–5 hours without optimization.
  • Google Messages (SMS): Both explicit and implicit intents can open conversations. Target regions are about 35,500–44,574 pixels; unoptimized recovery requires roughly 11–20 hours. The attack distinguishes sent from received messages by analyzing pixel colors.
  • Signal (private messages): Implicit intents can open conversations. Target regions are approximately 95,760–100,320 pixels; unoptimized recovery takes about 25–42 hours, and the attack proved effective even with Signal’s Screen Security enabled.
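Since the attack starts by launching a target activity through an intent, an app developer can inventory which of their own activities other apps are able to start, and whether by implicit or explicit intents. The sketch below is an added example, not code from the researchers or the article; the manifest, activity names, permission name and the `invocable_activities` helper are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"

# Constructed sample manifest (hypothetical app, not from the article).
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android">
  <application>
    <activity android:name=".MainActivity" android:exported="true">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
      </intent-filter>
    </activity>
    <activity android:name=".BalanceActivity">
      <intent-filter>
        <action android:name="android.intent.action.VIEW"/>
      </intent-filter>
    </activity>
    <activity android:name=".OtpActivity" android:exported="true"/>
    <activity android:name=".AdminActivity" android:exported="true"
              android:permission="com.example.wallet.ADMIN"/>
    <activity android:name=".SettingsActivity" android:exported="false"/>
  </application>
</manifest>"""


def invocable_activities(manifest_xml):
    """Map each activity other apps can start to how it can be reached."""
    root = ET.fromstring(manifest_xml)
    found = {}
    for tag in ("activity", "activity-alias"):
        for node in root.iter(tag):
            actions = [a.get(ANDROID + "name") for a in node.iter("action")]
            exported = node.get(ANDROID + "exported")
            # Legacy default: with no android:exported attribute, a component
            # is exported only if it declares an intent filter.
            if exported != "true" and not (exported is None and actions):
                continue
            found[node.get(ANDROID + "name")] = {
                "intents": "implicit+explicit" if actions else "explicit-only",
                "actions": actions,
                "permission": node.get(ANDROID + "permission"),
            }
    return found


if __name__ == "__main__":
    for name, info in invocable_activities(SAMPLE_MANIFEST).items():
        print(name, info)
```

Apps targeting Android 12 or later must declare `android:exported` explicitly on any component with an intent filter, so the legacy-default branch mainly matters when reviewing older manifests.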

Both Google and Samsung have pledged to address these vulnerabilities before the year concludes, although no GPU chip vendor has yet announced plans to patch the GPU.zip side-channel attack. While the original exploit method was mitigated in September, Google has since received an updated attack that successfully bypassed the initial fix. A more comprehensive patch is slated for release with the December Android security updates.

Google has indicated that exploiting this data leak requires specific information about the targeted device, which, as the researchers noted, results in a low success rate. Current assessments have found no malicious apps on Google Play that exploit the Pixnapping vulnerability.
