Academic researchers have unveiled 'Pixnapping,' a novel Android attack enabling malicious apps to covertly harvest sensitive screen data like 2FA codes and chat messages within 30 seconds, bypassing traditional permissions. Exploiting a GPU timing side channel similar to the prior GPU.zip web attack, Pixnapping reconstructs displayed information pixel-by-pixel. While Google issued partial mitigations, a modified version remains effective, exposing fundamental limitations in Android's inter-app data isolation.