Researchers have uncovered a new class of Android attacks that allows malicious apps to steal sensitive on-screen information — including two-factor authentication codes, private messages, and financial data — without requiring any permissions or alerting users.
The attack, dubbed Pixnapping, exploits Android operating system features and a graphics hardware side channel to extract pixels from other apps and websites, reports Carnegie Mellon University. A research team including Riccardo Paccagnella, assistant professor in Carnegie Mellon University’s Software and Societal Systems Department, demonstrated successful attacks on modern Google and Samsung phones running Android versions 13 through 16.
In proof-of-concept tests, Pixnapping recovered sensitive information from Signal, Venmo, Google Authenticator, Gmail, Google Maps, and Google Accounts. The attack stole 2FA codes from Google Authenticator in less than 30 seconds whilst hiding the activity from users.
Paccagnella says: “Conceptually, it is as if any app could take a screenshot of other apps or websites without permission, which is a fundamental violation of Android’s security model.”
The attack works by forcing sensitive pixels into Android’s rendering pipeline, overlaying semi-transparent activities on top of them, and using a GPU hardware side channel called GPU.zip to leak the pixel information one at a time. The malicious app requires no Android permissions specified in its manifest file.
Affected devices include Google Pixel 6, Pixel 7, Pixel 8, Pixel 9, and Samsung Galaxy S25. The researchers note that because the core mechanisms used by Pixnapping are typically available in all Android devices, the vulnerability likely affects smartphones across manufacturers.
The team disclosed its findings to Google in February. Google rated Pixnapping as High Severity and assigned it CVE-2025-48561 in the Common Vulnerabilities and Exposures system. Google released a patch in September restricting access to certain APIs, but the researchers discovered a workaround that restored the attack’s effectiveness.
Paccagnella notes: “Fixing Pixnapping will likely require changes to core Android mechanisms, for example, by allowing apps to prevent other apps from drawing over their sensitive content.”
The research will be presented at the ACM Conference on Computer and Communications Security in Taipei, Taiwan. The team plans to release Pixnapping’s source code once effective patches become available.
