One pixel at a time, hackers can peer into Android screens and steal one-time passwords (OTP), private messages, or other sensitive data. Researchers have disclosed a high-severity “Pixnapping” attack method, demonstrating that likely all modern Android devices are affected.
No Android device or app is safe from this new class of attack. The researchers have demonstrated that it works on Google and Samsung phones, and they were able to recover sensitive data from Gmail and Google accounts and apps like Signal, Authenticator, Venmo, and others.
A team of researchers from the University of California, Berkeley, the University of Washington, and Carnegie Mellon University tested the exploit on Android versions 13-16, the Google Pixel versions 6-9, and the Samsung Galaxy S25.
“The core mechanisms enabling the attack are typically available in all Android devices,” the researchers warn.
“Notably, our attack against Google Authenticator allows any malicious app to steal 2FA codes in under 30 seconds while hiding the attack from the user.”
How does the attack work?
First, the user needs to open the attacker's app. The malicious app doesn’t need any Android permissions or further user interactions.
Behind the scenes, the malicious app launches Google Authenticator or any other targeted app’s main activity. It waits briefly for the 2FA code to refresh in the background and then starts retrieving it pixel by pixel, digit by digit.
“Pixnapping forces sensitive pixels into the rendering pipeline and overlays semi-transparent activities on top of those pixels via Android intents,” the researchers explain.
Intents are a way for Android apps to communicate with one another. They enable one app to call another app and involve a specific activity, like opening a page. The Pixnapping attack abuses this feature to quietly open sensitive screens, from which attackers can steal data.
Data theft, however, is the tricky part. To steal the data, the malicious app runs a stack of activities, inducing graphical operations (blur) on the sensitive pixels displayed by the targeted app, while hiding the attack from the user.
The researchers used a slow side channel (indirect) exploit (GPU.zip), which only achieved a leakage rate of 0.6 to 2.1 pixels per second. That is still enough to leak sensitive data – just a few pixels are needed to determine one symbol. Recovering the whole website (Gmail inbox) took researchers 10-25 hours.
The Cybernews community is talking about this. Be a part of the conversation.
It works by isolating one victim pixel and leaving a pinhole in the first overlay. Once this pixel reaches the rendering pipeline, various encoding processes will have different rendering times due to how GPU compression works.
The attacker needs to measure the time it takes to render the frame to determine the targeted pixel’s color. The final slightly transparent (less than 1%) layer hides the activity from the user.
These steps need to be repeated for as many pixels as needed to determine the original content.
“Conceptually, it is as if the malicious app was taking a screenshot of screen contents it should not have access to,” the researchers explain.
The researchers also believe that more optimized exploits relying on rendering time could approach a rate of one pixel per screen refresh.
“Anything that is visible when the target app is opened can be stolen by the malicious app using Pixnapping. Chat messages, 2FA codes, email messages, etc., are all vulnerable since they are visible.”
This attack idea was first described in 2013 by security researcher Paul Stone, who embedded targeted websites in iframes and used SVG filters to compute on and create side channels for targeted pixels.
No patch yet
It’s unclear if this technique has ever been used to target Android users in the wild.
The researchers first disclosed the Pixnapping attack to Google on February 24th, 2025, and the tech giant rated the flaw as high severity.
Google has released an attempted patch to Pixnapping, which limits the number of activities a (malicious) app can invoke blur on. However, the researchers developed a workaround for this patch, which is still under embargo.
They disclosed this workaround to Google on September 8th, 2025, and the tech giant plans to issue an additional patch in the December Android security bulletin.
The paper also discloses another vulnerability: Android apps can determine if any other app is installed on the phone. A malicious app could use this to profile users.
Your email address will not be published. Required fields are markedmarked