A UC Berkeley team shows a no‑permission Android app can infer the color of pixels in other apps by timing graphics operations, then reconstruct sensitive content like Google Authenticator codes. The attack works on Android 13–16 across recent Pixel and Samsung devices and is not yet mitigated.
— It challenges trust in on‑device two‑factor apps and app‑sandbox guarantees, pressuring platforms, regulators, and enterprises to rethink mobile security and authentication.
BeauHD
2025.10.14
Alan Wang’s explanation of 'Pixnapping' and tests on Pixel 6–9 and Galaxy S25 running Android 13–16, stealing pixels from apps like Signal, Maps, Venmo, and Google Authenticator.