Science
Researchers Uncover Android Flaw Enabling Data Theft via Pixnapping

Security researchers have identified a significant flaw in Android’s architecture that allows malicious applications to covertly access sensitive user data. Known as “Pixnapping,” this newly revived attack utilizes a 12-year-old browser-based data theft technique to target Android devices. The vulnerability enables an unauthorized app to extract data displayed on other applications or websites without requiring special permissions.
Understanding the Pixnapping Attack
Pixnapping operates by exploiting a hardware side channel known as GPU.zip. It achieves this by measuring the rendering time of screen pixels. Attackers can overlay transparent activities on the screen and analyze how quickly pixels are rendered, effectively reconstructing the on-screen content pixel by pixel. Although the technique leaks only between 0.6 to 2.1 pixels per second, this is sufficient to recover sensitive information such as authentication codes from applications like Google Maps, Gmail, Signal, Venmo, and Google Authenticator.
The vulnerability, identified as CVE-2025-48561, impacts devices running Android versions 13 through 16, including popular models like the Pixel 6 to Pixel 9 and the Galaxy S25. A partial patch was issued in September 2025, with a more comprehensive solution anticipated by December 2025.
The Implications of This Vulnerability
The emergence of Pixnapping highlights a critical flaw in the rendering and GPU architecture of Android. This incident serves as a reminder that even techniques deemed resolved can reappear in new and alarming forms. Since Pixnapping does not require special permissions, a seemingly benign app downloaded from the Google Play Store could potentially monitor sensitive on-screen data without user awareness.
Moreover, this attack underscores a broader challenge in mobile security related to side-channel vulnerabilities—leaks caused not by software flaws but by the inherent way hardware processes data. These vulnerabilities are notoriously difficult to detect and fix, posing ongoing risks to user data.
For Android users, this research signals the potential for hidden data theft without any visible indicators. Applications may silently collect sensitive information such as banking details, two-factor authentication (2FA) codes, or location data simply by observing user screen activity. Although Google has stated that there is currently no evidence of exploitation, the existence of this attack indicates that malware could circumvent traditional security measures.
Going forward, Google plans to implement additional fixes aimed at curbing the misuse of the blur API and enhancing detection capabilities. However, researchers caution that existing workarounds could still be utilized, and the underlying GPU.zip vulnerability remains unaddressed. Until a permanent resolution is achieved, users are advised to limit the installation of untrusted applications and ensure their devices are kept up to date. Security experts also anticipate the emergence of more side-channel attacks like Pixnapping as attackers refine their techniques.
-
Technology3 months ago
Discover the Top 10 Calorie Counting Apps of 2025
-
Health4 weeks ago
Bella Hadid Shares Health Update After Treatment for Lyme Disease
-
Health1 month ago
Erin Bates Shares Recovery Update Following Sepsis Complications
-
Technology2 months ago
Discover How to Reverse Image Search Using ChatGPT Effortlessly
-
Lifestyle3 months ago
Belton Family Reunites After Daughter Survives Hill Country Floods
-
Technology3 months ago
Meta Initiates $60B AI Data Center Expansion, Starting in Ohio
-
Technology2 months ago
Uncovering the Top Five Most Challenging Motorcycles to Ride
-
Technology3 months ago
Harmonic Launches AI Chatbot App to Transform Mathematical Reasoning
-
Technology3 months ago
Recovering a Suspended TikTok Account: A Step-by-Step Guide
-
Technology4 weeks ago
Electric Moto Influencer Surronster Arrested in Tijuana
-
Technology1 week ago
iPhone 17 vs. iPhone 16: How the Selfie Camera Upgrades Measure Up
-
Technology3 months ago
Google Pixel 10 Pro Fold vs. Pixel 9 Pro Fold: Key Upgrades Revealed