A new attack exploits both Android operating system features and a hardware side channel to extract on-screen data without users noticing that their data has been compromised.
Researchers at Carnegie Mellon say the exploit begins when the malicious app launches the target application it intends to spy on.
It then triggers graphic operations that manipulate pixels in areas of the screen where sensitive information is likely shown. Next, the attackers leverage a GPU side-channel technique (the GPU.zip exploit disclosed in 2023) to exfiltrate those pixels, extracting the image data one pixel at a time.
Researchers successfully recovered data shown on the screen from both browsers and native apps in their proof-of-concept tests, including Gmail, Google Accounts, Google Authenticator, Google Maps, Signal, and Venmo. In lab tests the exploit was effective on multiple modern handsets, including Google Pixel 6, 7, 8 and 9 models and a Samsung Galaxy S25.
“Conceptually, it is as if any app could take a screenshot of other apps or websites without permission, which is a fundamental violation of Android’s security model,” said Riccardo Paccagnella, researcher and assistant professor in Carnegie Mellon University.
How Pixnapping Works
The technique builds upon the longstanding side-channel method known as pixel stealing.
Android APIs can be used to push victim pixels into the rendering pipeline and then overlays semi-transparent activities on top of those pixels via Android intents.
“Our key observation is that Android APIs enable an attacker to create an analog to Stone-style attacks outside of the browser. Specifically, a malicious app can force victim pixels into the rendering pipeline via Android intents and compute on those victim pixels using a stack of semi-transparent Android activities,” the research paper reads.
The team adds their framework is able to reach secrets “only stored locally (e.g., 2FA codes and Google Maps Timeline), which have never before been in reach of pixel stealing attacks.”
In practice the malicious app overlays virtually transparent windows above the target app, monitors subtle timing and rendering signals that vary with pixel color, and reconstructs small regions of the displayed content. The researchers demonstrated the technique can lift ephemeral items such as two‑factor codes and other on‑screen secrets. After collection, the stolen data is sent to a command‑and‑control server controlled by the attacker.
Scope, Difficulty, And Disclosure
The research team tested the technique on several recent Google and Samsung handsets, but say the underlying API and hardware side‑channel make many modern Android devices potentially vulnerable. The authors disclosed their findings to Google and Samsung in early 2025.
Exploitation is technically demanding.
Attackers need deep familiarity with Android internals and graphics hardware, but once implemented a pixnapping app could be disguised to look like any ordinary application and distributed like any other piece of Android malware. Successful attacks also require convincing a target to install and run the malicious app.
Patches, Vendor Response, And Risk
The issue has been assigned CVE‑2025‑48561. Google published a partial fix in September 2025; however, researchers identified a workaround that rendered the patch ineffective. As a result, Google plans to release an additional patch in the December 2025 Android Security Bulletin to fully address the issue.
The company told Dark Reading, “We are issuing an additional patch for this vulnerability in the December Android security bulletin.” Google also stated it has not observed any evidence of in‑the‑wild exploitation and added that exploiting the bug requires specific data about the target device, and that no malicious applications exploiting the vulnerability have been found on Google Play.
The Bigger Picture
Pixnapping shifts a long‑standing side‑channel threat out of the browser and squarely into native Android apps. Since the technique targets pixels that are legitimately displayed by other apps, it lets attackers harvest ephemeral secrets, without exploiting a traditional software bug, widening the attack surface for high‑value targets such as banking, communications, and account recovery flows.
Pixnapping extends the pixel stealing family of exploits into native Android activities and highlights that on screen secrets can be exposed without traditional software vulnerabilities — a reminder that careful app hygiene and prompt security updates remain essential.
