Pixel by Pixel: New Pixnapping Attack Steals 2FA Codes from Android Devices in Seconds
The security promise that Android apps operate in isolated silos, unable to spy on each other's data, faces a stark challenge with the discovery of the Pixnapping attack. This sophisticated technique allows a seemingly innocuous, permission-less malicious app installed on an Android device to steal highly sensitive information displayed by other apps in near real-time – including time-limited two-factor authentication (2FA) codes, private messages, and location timelines. Researchers demonstrated the attack successfully on Google Pixel 6 through 9 and Samsung Galaxy S25 devices, recovering 2FA codes in as little as 14.3 seconds.
Samsung Galaxy S25 devices were among those found vulnerable to the Pixnapping attack. (Credit: Ars Technica)
How Pixnapping Exploits the Rendering Pipeline
Pixnapping operates by manipulating Android's graphical rendering system and exploiting subtle timing differences (a side channel) inherent in how pixels are processed. It requires no special permissions because it leverages standard Android programming interfaces (Activities, Intents, Tasks) combined with low-level graphical operations:
- Luring the Target: The malicious app invokes Android APIs, forcing a targeted app (like an authenticator or messaging app) to display specific sensitive information on the screen. This data enters Android's rendering pipeline.
- Pixel Probing: The attacker performs carefully crafted graphical operations focused on individual pixel coordinates where the desired data (e.g., a digit of a 2FA code) is expected to appear. These operations are designed so their execution time varies measurably depending on the color (e.g., white vs. non-white) of the underlying victim pixel at that location.
- Timing Reconstruction: By meticulously measuring the time taken to render these operations at thousands of coordinates, the malicious app can infer the color of each pixel. Combining these inferences rebuilds the displayed image, character by character or shape by shape, effectively screenshotting data it shouldn't see.
"Conceptually, it is as if the malicious app was taking a screenshot of screen contents it should not have access to," explained Alan Linghao Wang, lead author of the research paper "Pixnapping: Bringing Pixel Stealing out of the Stone Age". "Our end-to-end attacks simply measure the rendering time per frame... to determine whether the pixel was white or non-white."
Beating the 30-Second Clock: Stealing 2FA Codes
The attack's most alarming demonstration involved stealing time-sensitive 6-digit 2FA codes generated by Google Authenticator. Researchers optimized Pixnapping to operate within the codes' 30-second validity window:
- Reduced samples per pixel and minimized delays between probes.
- Waited for the start of a new 30-second interval using the system clock.
- Achieved success rates ranging from 29% to 73% across Pixel 6-9 models, with average theft times between 14.3 and 25.8 seconds.
Mitigations and Limitations
Google acknowledged the vulnerability (CVE-2025-48561), stating:
"We issued a patch for CVE-2025-48561 in the September Android security bulletin, which partially mitigates this behavior. We are issuing an additional patch for this vulnerability in the December Android security bulletin. We have not seen any evidence of in-the-wild exploitation."
However, the research team confirmed a modified Pixnapping attack bypasses the September patch. The December patch's effectiveness remains to be independently verified.
While technically impressive and a significant finding for platform security, real-world exploitation faces hurdles. The attack requires a malicious app installation and precise knowledge of where target data appears on screen for different apps and devices. Nevertheless, Pixnapping fundamentally undermines Android's security model by proving visual data displayed by one app can be exfiltrated by another without permissions, highlighting the persistent threat of side-channel attacks in complex graphical systems. It serves as a stark reminder that what users see on their screens might not be as private as they assume.
Source: Based on research reported by Dan Goodin, Ars Technica (October 2025)