Pixnapping: New Android Side-Channel Attack Steals On‑Screen Data Without Permissions

CyberSecureFox 🦊

Security researchers from the United States have disclosed Pixnapping, a side‑channel attack that lets an unprivileged Android app infer visual content currently displayed on the screen—including messenger messages and one‑time 2FA codes—without requesting sensitive permissions. In testing on recent devices, the method recovered 2FA digits in under 30 seconds, demonstrating a practical path to on‑screen data exfiltration.

What Pixnapping Is and Why It Matters

Pixnapping is a side‑channel attack, meaning it does not directly read screen buffers. Instead, it observes subtle byproducts of how the Android graphics stack renders pixels. By exploiting rendering behavior and GPU compression artifacts, a malicious app can reconstruct small but security‑critical regions of the screen—effectively approximating an unauthorized “screenshot” without access to screenshot APIs.

How the Attack Works: From Android Intents to Pixel Probing

The attack chain starts by abusing Android Intents to launch a target activity or webpage at a predictable time. This ensures the target window is handled by SurfaceFlinger, Android’s system compositor that blends multiple windows into a single frame for display.

Next, the attacker overlays a masking activity—a nearly all‑white window brought to the foreground—leaving a single transparent pixel at a specific coordinate. By probing whether the underlying pixel at that coordinate renders as white or not, the attacker learns one bit of visual information about the target content beneath the mask.

Pixel Stretching and OCR‑Style Reconstruction

Pixnapping then leverages blur/resize behavior inside SurfaceFlinger to “stretch” isolated pixels, amplifying their effect and making single‑pixel probes more distinguishable. By iterating across selected coordinates and collecting enough pixel states, the attacker reconstructs a small bitmap of the sensitive region and applies an OCR‑like technique to recognize digits or characters—sufficient, for example, to extract a 2FA code.

GPU.zip: The Leakage Channel Behind the Scenes

The core enabler is the GPU.zip side channel, which exploits how modern GPUs compress and handle graphical data. Differences in compression outcomes, and in the timing they produce, leak information about the underlying pixel values. Although the raw leakage rate is modest—approximately 0.6–2.1 pixels per second—researchers optimized the workflow to recover enough pixels to extract 2FA codes and other sensitive snippets in less than 30 seconds. Crucially, this approach requires no special permissions because it relies on rendering side effects rather than protected APIs.

Affected Devices and Real‑World Applicability

Pixnapping was validated on Google Pixel 6, 7, 8, and 9 and the Samsung Galaxy S25 running Android versions 13 through 16—all were vulnerable in testing. Given the underlying mechanisms are present in earlier Android releases, older devices may also be at risk.

To gauge the practical attack surface, the researchers analyzed nearly 100,000 Google Play apps and found hundreds of thousands of intent‑invokable actions. This abundance of triggerable activities suggests that many everyday user flows could be coerced to reveal small, high‑value screen regions at the right time.

Patch Status: CVE-2025-48561 and Current Limitations

Google shipped a September Android update addressing CVE‑2025‑48561, but the team reports a working bypass. According to Google, the updated variant of the attack requires device‑specific knowledge, which increases exploitation complexity in practice. A more robust platform‑level mitigation is expected in December 2025. Google and Samsung say they plan to close remaining gaps before year‑end. At the time of writing, GPU vendors have not announced fixes for the GPU.zip side channel, and there is no evidence of in‑the‑wild Pixnapping exploitation.

Risk Mitigation for Users and Organizations

  • Apply Android and security updates immediately as they become available; timely patching is the best defense against side channels.
  • Avoid untrusted apps and scrutinize developer reputation, even on Google Play.
  • Limit apps that can initiate intent flows and periodically audit elevated capabilities (e.g., overlay permissions and accessibility services).
  • For high‑risk accounts, prefer phishing‑resistant methods such as hardware security keys (FIDO2) or protected push approvals instead of on‑screen OTPs.
  • Developers can evaluate UI hardening measures (e.g., careful use of overlays and timing) and consider that anti‑capture flags may reduce exposure but are not a complete defense against rendering side channels.
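Two of the items above (patch status in the first bullet, overlay and accessibility review in the third) can be checked from a workstation with adb. The script below is an added example written for this page, not code from the researchers, Google or Samsung. It assumes `adb` is on PATH with one device attached, that `appops get <pkg> SYSTEM_ALERT_WINDOW` reports an allowed overlay op on a line starting `SYSTEM_ALERT_WINDOW: allow`, and that `ro.build.version.security_patch` holds an ISO date; the values in `demo_offline` are constructed so the parsing logic can be exercised without a device.

```shell
#!/bin/sh
# Added audit helper (not from the article or the Pixnapping researchers).
# Over adb it reports: the security patch level against a minimum date,
# third-party apps holding the overlay capability (SYSTEM_ALERT_WINDOW),
# and enabled accessibility services.
# Assumptions: `adb` on PATH with one device; `appops get` prints
# "SYSTEM_ALERT_WINDOW: allow ..." when the overlay op is allowed; the
# patch level property is YYYY-MM-DD.

# Success if patch level $1 is at least minimum $2. ISO dates order
# lexically, so sorting the pair and taking the first line is enough.
patch_level_at_least() {
  [ "$(printf '%s\n%s\n' "$2" "$1" | sort | head -n 1)" = "$2" ]
}

# Success if the `appops get <pkg> SYSTEM_ALERT_WINDOW` output in $1
# shows the overlay op as allowed (assumed line shape, see above).
overlay_allowed() {
  printf '%s\n' "$1" | grep -q '^SYSTEM_ALERT_WINDOW: allow'
}

# Split the enabled_accessibility_services value in $1 (colon-separated
# "package/service" entries, or "null"/empty when none) one per line.
list_accessibility_services() {
  case "$1" in
    ''|null) return 0 ;;
  esac
  printf '%s\n' "$1" | tr ':' '\n'
}

# Live audit over adb. $1: minimum acceptable patch level; the default is
# the month of the update the article mentions for CVE-2025-48561.
audit_device() {
  min="${1:-2025-09-01}"
  patch="$(adb shell getprop ro.build.version.security_patch | tr -d '\r')"
  if patch_level_at_least "$patch" "$min"; then
    echo "PATCH OK: $patch"
  else
    echo "PATCH BEHIND: $patch (want >= $min)"
  fi
  adb shell pm list packages -3 | tr -d '\r' | sed 's/^package://' |
  while read -r pkg; do
    out="$(adb shell appops get "$pkg" SYSTEM_ALERT_WINDOW | tr -d '\r')"
    overlay_allowed "$out" && echo "OVERLAY ALLOWED: $pkg"
  done
  svc="$(adb shell settings get secure enabled_accessibility_services | tr -d '\r')"
  list_accessibility_services "$svc" | sed 's/^/ACCESSIBILITY ENABLED: /'
}

# Offline run over constructed sample output (no device needed). Prints the
# number of findings: 1 for a stale patch level, 1 per overlay-capable app,
# 1 per enabled accessibility service.
demo_offline() {
  sample_patch='2025-08-05'                                      # constructed
  sample_appops='SYSTEM_ALERT_WINDOW: allow; time=+3d2h ago'     # constructed
  sample_svc='com.example.a/.ScreenReader:com.example.b/.Helper' # constructed
  n=0
  patch_level_at_least "$sample_patch" 2025-09-01 || n=$((n + 1))
  overlay_allowed "$sample_appops" && n=$((n + 1))
  n=$((n + $(list_accessibility_services "$sample_svc" | wc -l)))
  echo "$n"
}

# Usage: sh audit.sh audit [MIN_PATCH]   (live, via adb)
#        sh audit.sh                     (offline demo over constructed data)
if [ "${1:-}" = "audit" ]; then
  audit_device "${2:-}"
else
  demo_offline
fi
```

The overlay and accessibility lists are the ones to review by hand: an unfamiliar third-party app on either list is worth removing, since those capabilities are what the third bullet asks you to audit. The patch-level check only tells you whether the September update is present; as the article notes, the researchers report a bypass of that fix, so a green result here is not a guarantee.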

Pixnapping underscores that modern UI stacks can leak sensitive information through rendering byproducts. Until stronger platform and GPU‑level mitigations are in place, keep devices patched, reduce exposure to untrusted apps, and shift critical authentication to methods that do not rely on visible on‑screen codes.
