"Pixnapping" vulnerability lets Android apps steal 2FA codes in 30 seconds


Google tried to mitigate bug, but researchers worked around fix.

Academic researchers have devised and demonstrated a novel attack that allows malicious Android apps to steal sensitive data from other applications without any operating system permissions being granted to them.


The attack, dubbed Pixnapping, successfully extracted two-factor authentication codes from Google Authenticator in under 30 seconds during testing, along with messages from encrypted comms app Signal, financial data from Venmo, and email content from Gmail.

A team from the universities of California, Berkeley and San Diego, Washington and Carnegie Mellon tested the vulnerability on Google Pixel 6, 7, 8, and 9 models, plus the Samsung Galaxy S25.

Their attack against the Pixel devices succeeded, though not with a 100 percent success rate. They could not make Pixnapping work against the Galaxy S25.

"We are unable to leak 2FA codes within 30 seconds using our implementation on the Samsung Galaxy S25 device due to significant noise," the researchers wrote.

The 30-second interval was chosen because authentication codes refresh within that time.

Pixnapping bypasses Android's entire permission model, meaning users have no warning signs during installation of malicious apps that can steal their screen data.

Any content visible on screen when an app is opened becomes fair game for theft, including chat messages, authentication codes, and email correspondence.

Pixnapping works by manipulating Android's rendering system to force sensitive pixels through graphical operations, then measuring tiny timing differences to reconstruct the displayed content.

The attack leverages Android's window blur API to induce graphical operations on specific pixels, and uses the screen's vertical synchronisation callbacks to measure rendering time precisely enough to extract individual pixel values.

This pixel-by-pixel extraction eventually provides enough data to run optical character recognition and recover the original sensitive information.
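The two constraints described above, that each pixel is recovered from small timing differences and that a 2FA code is only valid for about 30 seconds, are what decided the Pixel-versus-Galaxy S25 outcome: more measurement noise means more repeated samples per pixel, and the total cost has to fit inside the code's lifetime. The following added model (not the researchers' code, and not touching Android at all) makes that trade-off concrete. It assumes a Gaussian timing model in which a pixel's value shifts the measured render time by `delta` against noise of standard deviation `sigma`, and that one sample costs one display frame; the pixel count, noise level and 60 Hz frame period are constructed parameters, not figures from the paper.

```python
"""Sketch of how measurement noise turns into a time budget for a
timing side channel.  Illustrative model only: Gaussian noise, one
sample per display frame, independent pixels.  All numbers are assumed."""
from math import ceil, erfc, sqrt
from statistics import NormalDist
import random


def error_probability(delta: float, sigma: float, n: int) -> float:
    """Probability of misreading one pixel when the attacker averages n
    samples and thresholds at the midpoint between the two timing means.
    The averaged noise has std sigma/sqrt(n), so the error is Q(delta*sqrt(n)/(2*sigma))."""
    x = delta * sqrt(n) / (2 * sigma)
    return 0.5 * erfc(x / sqrt(2))          # Gaussian tail Q(x)


def samples_needed(delta: float, sigma: float, eps: float) -> int:
    """Smallest n such that the per-pixel error rate is at most eps."""
    z = NormalDist().inv_cdf(1 - eps)        # Q^{-1}(eps)
    return max(1, ceil((2 * sigma * z / delta) ** 2))


def seconds_to_leak(n_pixels: int, delta: float, sigma: float, eps: float,
                    frame_period: float) -> float:
    """Wall-clock cost if every pixel needs samples_needed() frames."""
    return n_pixels * samples_needed(delta, sigma, eps) * frame_period


def fits_window(n_pixels: int, delta: float, sigma: float, eps: float,
                frame_period: float, window: float = 30.0) -> bool:
    """Does the whole extraction fit inside the code's validity window?"""
    return seconds_to_leak(n_pixels, delta, sigma, eps, frame_period) <= window


def simulate_bit_error_rate(delta: float, sigma: float, n: int,
                            trials: int = 2000, seed: int = 1) -> float:
    """Monte Carlo check of error_probability(): draw n noisy samples for a
    known pixel value, average, threshold, and count mistakes."""
    rng = random.Random(seed)
    errors = 0
    for t in range(trials):
        bit = t % 2                                   # alternate 0/1 pixels
        mu = delta if bit else 0.0
        mean = sum(rng.gauss(mu, sigma) for _ in range(n)) / n
        guess = 1 if mean > delta / 2 else 0
        errors += guess != bit
    return errors / trials


if __name__ == "__main__":
    FRAME = 1 / 60          # assumed 60 Hz display: one sample per frame
    PIXELS = 1000           # assumed size of the region holding a 6-digit code
    for sigma in (0.2, 1.0):   # "quiet" vs "noisy" device, in units of delta
        n = samples_needed(1.0, sigma, 0.01)
        secs = seconds_to_leak(PIXELS, 1.0, sigma, 0.01, FRAME)
        print(f"sigma={sigma}: {n} samples/pixel, {secs:.1f}s total, "
              f"fits 30s window: {fits_window(PIXELS, 1.0, sigma, 0.01, FRAME)}")
```

The quadratic term in `samples_needed` is the whole story: doubling the noise relative to the timing signal quadruples the frames each pixel costs, and with a fixed frame rate that quickly pushes the total past the window in which a stolen code is still usable. This is the same reasoning that explains the article's remark about the Galaxy S25, and it is why timing resolution and noise, rather than any one API, are the levers that decide whether such a channel is practical.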

Conceptually, the researchers said this is like the malicious app taking screenshots of content it should never access, all without triggering Android's screenshot detection mechanisms.

The weakness exploited by Pixnapping is GPU.zip, a graphics processor side-channel vulnerability that the researchers published in 2023.

GPU.zip allows apps to infer information about GPU operations by measuring timing variations in graphics rendering, similar to how Spectre and Meltdown exploited CPU side channels.

At the time of writing, no GPU vendor has publicly committed to patching GPU.zip.

Google rated the vulnerability as "high severity" in April this year, after the researchers disclosed Pixnapping to the company in February.

It attempted to mitigate Pixnapping with a patch on September 2 US time, by limiting the number of activities on which an app can invoke blur operations, but the researchers devised a workaround for the fix just two days later.

That workaround is also rated as "high severity" and remains under embargo while Google develops additional patches which are scheduled to appear in the December Android security bulletin.

The tech giant has also declined to fix an associated vulnerability that allows apps to determine what other applications are installed on a device, which can be used to profile users, the researchers said.

This app listing bypass requires nothing in the malicious app's manifest file, unlike previous tricks that needed specific declarations.

The researchers said they are not aware of effective mitigation strategies to protect individual apps against Pixnapping, but suggested that Android could allow developers to restrict transparent layering, or to hide sensitive visual content when that occurs.

Currently, their advice to users is to install Android patches as soon as they become available.

The attack shows that Android's permission model, which was thought to be secure, can be circumvented through creative exploitation of legitimate system APIs.

The researchers have not yet investigated whether similar attacks are feasible on Apple iOS or other mobile platforms.

Source code for Pixnapping will be released on GitHub once comprehensive patches become available for Android.

Pixnapping was inspired by the 2013 work of British security researcher Paul Stone, whose paper Pixel Perfect Timing Attacks with HTML5 laid the groundwork for the present team's approach.

The vulnerability has been assigned CVE-2025-48561 in the Common Vulnerabilities and Exposures index.

Copyright © iTnews.com.au . All rights reserved.