Recent findings have unveiled a significant vulnerability in Android devices manufactured by Google and Samsung, exposing them to a sophisticated side-channel attack that could allow malicious actors to surreptitiously extract sensitive information. This includes two-factor authentication (2FA) codes and Google Maps timelines, all without the user’s awareness, through a method dubbed Pixnapping.
Understanding Pixnapping
The term Pixnapping has been coined by a collaborative research team from esteemed institutions such as the University of California (Berkeley), University of Washington, University of California (San Diego), and Carnegie Mellon University. At its essence, Pixnapping is a pixel-stealing framework specifically targeting Android devices, circumventing existing browser protections and even accessing data from non-browser applications like Google Authenticator.
This attack exploits Android APIs and a hardware side-channel, enabling a malicious application to capture 2FA codes in a matter of seconds. The researchers articulated their findings in a detailed paper, highlighting that the Android APIs facilitate an attacker’s ability to replicate Paul Stone-style attacks outside the confines of a web browser. They noted, “A malicious app can force victim pixels into the rendering pipeline via Android intents and compute on those victim pixels using a stack of semi-transparent Android activities.”
The study tested five Google and Samsung devices running Android 13 through 16. It remains uncertain whether devices from other original equipment manufacturers (OEMs) are also vulnerable, but the foundational techniques needed to execute Pixnapping are present on every device running the platform.
The Mechanics of the Attack
What sets this attack apart is that any Android app can execute it, even one that declares no special permissions in its manifest file. The attack does, however, depend on the victim first being persuaded to install and launch the malicious app.
The side-channel enabling Pixnapping, referred to as GPU.zip, was previously disclosed by some of the same researchers in September 2023. This attack leverages a compression feature found in modern integrated GPUs (iGPUs) to facilitate cross-origin pixel stealing attacks within browsers using SVG filters.
The latest iteration of this attack combines the GPU.zip vulnerability with Android’s window blur API, so that the work the renderer performs on a blur leaks information about the pixels beneath it and data can be stolen from victim applications. A malicious Android app can manipulate the rendering pipeline to send pixels from target apps into the pipeline, then overlay semi-transparent activities on them using intents, the Android mechanism for navigating between applications and activities.
In simpler terms, the malicious app invokes a target application containing valuable information, such as 2FA codes, prompting the data to be rendered. The rogue app then isolates the coordinates of the pixel that holds the 2FA code, using a series of semi-transparent activities to mask, enlarge, and transmit that pixel via the side-channel. This process is repeated for each pixel pushed into the rendering pipeline.
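To make the side-channel itself concrete, the following Python model is an added illustration written for this article; it is not the researchers' code, nor any Android or GPU API. It assumes a simple run-length encoder as a stand-in for the graphical data compression GPU.zip relies on, and it treats the number of bytes moved during a blur pass as a proxy for the time the blur takes. The point for a defender is the last function: when the cost of the operation depends on pixel content, an observer who can time it learns something about the pixels; when the cost is content-independent, the measurement reveals nothing.

```python
"""Toy model of a compression-dependent cost side channel.

Constructed illustration, not the researchers' code: a row of pixels is
passed through a run-length encoder that stands in for the graphical data
compression in integrated GPUs, and the "cost" of a blur pass is taken to
be the number of bytes the encoder emits. With compression on, the cost
depends on pixel content; with it off, the cost depends only on size.
"""
from typing import List, Optional, Tuple

WHITE = 255
BLACK = 0


def run_length_compress(row: List[int]) -> int:
    """Return the byte count a simple run-length encoder would emit.

    Each run is encoded as (value, length), i.e. 2 bytes, so a uniform row
    compresses to 2 bytes while a row that alternates every pixel does not
    shrink at all.
    """
    if not row:
        return 0
    runs = 1
    for prev, cur in zip(row, row[1:]):
        if cur != prev:
            runs += 1
    return 2 * runs


def blur_cost(row: List[int], compression_enabled: bool) -> int:
    """Model the memory traffic of one blur pass over a row.

    A compressed framebuffer moves fewer bytes for simple content, so the
    pass is cheaper (and faster) for a blank region than a textured one.
    """
    if compression_enabled:
        return run_length_compress(row)
    return len(row)  # one byte per pixel regardless of content


def make_row(width: int, stripe_every: Optional[int] = None) -> List[int]:
    """Build a constructed pixel row: uniform white, or black/white stripes."""
    if stripe_every is None:
        return [WHITE] * width
    return [BLACK if (i // stripe_every) % 2 else WHITE for i in range(width)]


def measure(width: int, compression_enabled: bool) -> Tuple[int, int]:
    """Return (cost of a blank row, cost of a textured row) for one setting."""
    blank = make_row(width)
    textured = make_row(width, stripe_every=1)
    return (blur_cost(blank, compression_enabled),
            blur_cost(textured, compression_enabled))


def leaks_content(width: int = 64, compression_enabled: bool = True) -> bool:
    """True if an observer timing the blur could tell blank from textured.

    This is the property a defender wants to be False: if the cost of the
    operation does not depend on the pixel values, measuring it tells the
    observer nothing about them.
    """
    blank_cost, textured_cost = measure(width, compression_enabled)
    return blank_cost != textured_cost


if __name__ == "__main__":
    for enabled in (True, False):
        blank, textured = measure(64, enabled)
        print(f"compression={'on' if enabled else 'off'}: "
              f"blank={blank} bytes, textured={textured} bytes, "
              f"distinguishable={leaks_content(64, enabled)}")
```

Running the block prints the blank and textured costs under both settings; with the toy compressor on, a 64-pixel blank row costs 2 bytes against 128 for the striped row, while with compression off both cost 64. Real GPU compression and real blur timings are noisier than this, which is why the attack in the paper repeats the measurement, but the underlying reason it works is exactly this content dependence.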
Vulnerability Factors and Response
The researchers identified three critical factors contributing to Android’s susceptibility to Pixnapping:
- The ability to send another app’s activities to the Android rendering pipeline via intents.
- The capacity to induce graphical operations, such as blurring, on pixels displayed by another app.
- The ability to measure pixel color-dependent side effects resulting from these graphical operations.
Google is currently tracking this issue under the CVE identifier CVE-2025-48561, with a CVSS score of 5.5. Patches addressing the vulnerability were released as part of the September 2025 Android Security Bulletin. Google acknowledged that “An application requesting lots and lots of blurs: (1) enables pixel stealing by measuring how long it takes to perform a blur across windows, [and] (2) probably isn’t very valid anyways.”
However, a workaround has emerged that could potentially re-enable Pixnapping, prompting Google to work on a more robust fix. Additionally, the study revealed that this vulnerability allows attackers to ascertain whether specific applications are installed on a device, circumventing restrictions that have been in place since Android 11 to prevent querying the list of installed apps. This app list bypass remains unaddressed, with Google categorizing it as “won’t fix.”
The researchers concluded their findings with a thought-provoking observation: “Like browsers at the beginning, the intentionally collaborative and multi-actor design of mobile app layering makes the obvious restrictions unappealing.” They emphasized that app layering is unlikely to disappear and suggested that a realistic response would involve allowing sensitive apps to opt out while restricting the attacker’s measurement capabilities, ensuring that any proof-of-concept remains just that.