Android devices from Google and Samsung have been found vulnerable to a side-channel attack that could be exploited to covertly steal two-factor authentication (2FA) codes, Google Maps timelines, and other sensitive data without the users’ knowledge pixel-by-pixel.
The attack has been codenamed Pixnapping by a group of academics from the University of California (Berkeley), University of Washington, University of California (San Diego), and Carnegie Mellon University.
Pixnapping, at its core, is a pixel-stealing framework aimed at Android devices in a manner that bypasses browser mitigations and even siphons data from non-browser apps like Google Authenticator by taking advantage of Android APIs and a hardware side-channel, allowing a malicious app to weaponize the technique to capture 2FA codes in under 30 seconds.
“Our key observation is that Android APIs enable an attacker to create an analog to [Paul] Stone-style attacks outside of the browser,” the researchers said in a paper. “Specifically, a malicious app can force victim pixels into the rendering pipeline via Android intents and compute on those victim pixels using a stack of semi-transparent Android activities.”
The study specifically focused on five devices from Google and Samsung running Android versions 13 to 16, and while it’s not clear if Android devices from other original equipment manufacturers (OEMs) are susceptible to Pixnapping, the underlying methodology necessary to pull off the attack is present in all devices running the mobile operating system.
What makes the novel attack significant is that any Android app can be used to execute it, even if the application does not have any special permissions attached via its manifest file. However, the attack presupposes that the victim has been convinced by some other means to install and launch the app.
The side-channel that makes Pixnapping possible is GPU.zip, which was disclosed by some of the same researchers back in September 2023. The attack essentially takes advantage of a compression feature in modern integrated GPUs (iGPUs) to perform cross-origin pixel stealing attacks in the browser using SVG filters.
Overview of our pixel stealing framework
The latest class of attack combines this with Android’s window blur API to leak rendering data and enable theft from victim apps. In order to accomplish this, a malicious Android app is used to send victim app pixels into the rendering pipeline and overlay semi-transparent activities using intents – an Android software mechanism that allows for navigation between applications and activities.
In other words, the idea is to invoke a target app containing information of interest (e.g., 2FA codes) and cause the data to be submitted for rendering, following which the rogue app installed the device isolates the coordinates of a target pixel (i.e., ones which contain the 2FA code) and induces a stack of semi-transparent activities to mask, enlarge, and transmit that pixel using the side-channel. This step is then repeated for every pixel pushed to the rendering pipeline.
The researchers said Android is vulnerable to Pixnapping due to a combination of three factors that allow an app to –
- Send another app’s activities to the Android rendering pipeline (e.g., with intents)
- Induce graphical operations (e.g., blur) on pixels displayed by another app’s activities
- Measure the pixel color-dependent side effects of graphical operations
Google is tracking the issue under the CVE identifier CVE-2025-48561 (CVSS score: 5.5). Patches for the vulnerability were issued by the tech giant as part of its September 2025 Android Security Bulletin, with Google noting that: “An application requesting lots and lots of blurs: (1) enables pixel stealing by measuring how long it takes to perform a blur across windows, [and] (2) probably isn’t very valid anyways.”
However, it has since come to light that there exists a workaround that can be used to re-enable Pixnapping. The company is said to be working on a fix.
Furthermore, the study found that as a consequence of this behavior, it’s possible for an attacker to determine if an arbitrary app is installed on the device, bypassing restrictions implemented since Android 11 that prevent querying the list of all installed apps on a user’s device. The app list bypass remains unpatched, with Google marking it as “won’t fix.”
“Like browsers at the beginning, the intentionally collaborative and multi-actor design of mobile app layering makes the obvious restrictions unappealing,” the researchers concluded.
“App layering is not going away, and layered apps would be useless with a no-third-party-cookies style of restriction. A realistic response is making the new attacks as unappealing as the old ones: allow sensitive apps to opt out and restrict the attacker’s measurement capabilities so that any proof-of-concept stays just that.”
