Pixnapping is a new class of attacks that allows a malicious Android app to stealthily leak information displayed by other Android apps or arbitrary websites. Pixnapping exploits Android APIs and a hardware side channel that affects nearly all modern Android devices. We have demonstrated Pixnapping attacks on Google and Samsung phones and end-to-end recovery of sensitive data from websites including Gmail and Google Accounts and apps including Signal, Google Authenticator, Venmo, and Google Maps. Notably, our attack against Google Authenticator allows any malicious app to steal 2FA codes in under 30 seconds while hiding the attack from the user.
The Pixnapping paper will appear in the 32nd ACM Conference on Computer and Communications Security (Taipei, Taiwan; October 13-17, 2025) with the following title:
You can download a preprint of the paper and cite it via this BibTeX citation.
The paper is the result of a collaboration between the following researchers:
We instantiated Pixnapping on five devices running Android versions 13 to 16 (up until build id BP3A.250905.014): Google Pixel 6, Google Pixel 7, Google Pixel 8, Google Pixel 9, and Samsung Galaxy S25.
We have not confirmed whether Android devices from other vendors are affected by Pixnapping. However, the core mechanisms enabling the attack are typically available in all Android devices.
Any running Android app can mount this attack, even if it does not have any Android permissions (i.e., no permissions are specified in its manifest file).
Anything that is visible when the target app is opened can be stolen by the malicious app using Pixnapping. Chat messages, 2FA codes, email messages, etc. are all vulnerable since they are visible.
If an app has secret information that is not visible (e.g., it has a secret key that is stored but never shown on the screen), that information cannot be stolen by Pixnapping.
We do not know.
Make sure to install Android patches as soon as they become available.
We are not aware of mitigation strategies to protect apps against Pixnapping. If you have any insights into mitigations, please let us know and we will update this section.
The three steps a malicious app can use to mount a Pixnapping attack are:
1. Invoking a target app (e.g., Google Authenticator) to cause sensitive information to be submitted for rendering. This step is described in Section 3.1 of the paper.
2. Inducing graphical operations on individual sensitive pixels rendered by the target app (e.g., the pixels that are part of the screen region where a 2FA character is known to be rendered by Google Authenticator). This step is described in Section 3.2 of the paper.
3. Using a side channel (e.g., GPU.zip) to steal the pixels operated on during Step 2, one pixel at a time. This step is described in Section 3.3 of the paper.
Steps 2 and 3 are repeated for as many pixels as needed to run OCR over the recovered pixels and recover the original content. Conceptually, it is as if the malicious app were taking a screenshot of screen contents it should not have access to.
Pixnapping forces sensitive pixels into the rendering pipeline and overlays semi-transparent activities on top of those pixels via Android intents. To induce graphical operations on these pixels, our instantiations use Android’s window blur API. To measure rendering time, our instantiations use VSync callbacks. For a more detailed explanation, we refer to the paper.
Google has attempted to patch Pixnapping by limiting the number of activities an app can invoke blur on. However, we discovered a workaround to make Pixnapping work despite this patch. The workaround is still under embargo.
Pixnapping relies on the GPU.zip side channel to leak pixels.
As of October 2025, no GPU vendor has committed to patching GPU.zip.
Yes. Pixnapping is tracked under CVE-2025-48561 in the Common Vulnerabilities and Exposures (CVE) system.
Android is vulnerable to Pixnapping because it allows an app to:
We have not investigated the applicability of these properties on other platforms yet.
It is another vulnerability we discovered that an app can use to determine if any other app is installed on the phone. This information can be used to profile users. Note that unlike prior app list bypass tricks (e.g., [1] and [2]), nothing needs to be specified in the malicious app’s manifest file to exploit our app list bypass vulnerability. For a more detailed explanation, we refer to Section 3.1 of the paper.
As of October 2025, Google has not committed to patching our app list bypass vulnerability. They resolved our report as “Won’t fix (Infeasible)”.
Yes. The Pixnapping logo is free to use under a CC0 license.
We will release the source code at this link once patches become available: https://github.com/TAC-UCB/pixnapping