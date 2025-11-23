Imagine most of your phone being secure, free from malicious snooping, save for the pixels on the screen. That's the idea behind 'pixnapping', a new form of attack that U.S. researchers from several universities have discovered. A malicious app tricks the system into leaking digital pixel data, "one pixel at a time", using transparent layers. It exploits Android's application programming interfaces (APIs) to essentially rebuild layered screen captures. It may not sound serious, but using this method, hackers can steal sensitive data like two-factor authentication (2FA) codes. The technique can siphon information, like 2FA codes, within 14 to 25 seconds — codes expire after 30 seconds. That's enough time to steal and use a valid code, bypassing your secure accounts.

It is worrisome, but there is relatively good news. Google already issued a patch that partially mitigates the problem. That patch limits the activities an app can invoke blur on, the function that allows transparent layers, and is what a pixnapping attack uses to capture data. But researchers have found a workaround. The attack, however, is not easy to carry out, and you need to install a malicious Android app first, then open it. Unfortunately, the malicious app does not need extra permissions to carry out the attack. Google says they are issuing an additional patch in the December Android security bulletin. For now, it still exists and could be deployed on many devices, including Samsung and Google Pixel models, used by the researchers to test their work. It's never been more important to patch security vulnerabilities like this. It was recently discovered over one million Android devices were infected by a secret backdoor for hackers. Additionally, thousands of Android users installed infected apps, not unlike what would be needed for the pixnapping attack.