Pixnapping Attack Hijacks Google Authenticator 2FA Codes in Under 30 Seconds

Security researchers have unveiled a sophisticated new attack technique dubbed “Pixnapping” that can extract two-factor authentication codes from Google Authenticator and other sensitive mobile applications in under 30 seconds.

Pixnapping leverages fundamental features of Android’s graphics rendering system to create a side-channel attack that steals pixel data from victim applications.

Unlike traditional browser-based pixel-stealing attacks that rely on embedding websites in iframes, this new technique uses Android intents to launch victim applications and layers semi-transparent attacker-controlled activities on top of them.

The vulnerability, tracked as CVE-2025-48561, represents a significant evolution in pixel-stealing attacks that bypasses modern browser security protections and threatens Android users across multiple device manufacturers.

The attack exploits how Android’s SurfaceFlinger service composites multiple windows together, allowing malicious apps to isolate, enlarge, and extract individual pixels from victim applications through carefully orchestrated blur operations and timing measurements.

The framework operates in three primary steps. First, the attacker app sends Android intents to open exported activities from victim applications, submitting their pixels to the rendering pipeline.

Second, the attacker creates a stack of semi-transparent activities that use masking, enlargement, and encoding techniques to compute on individual victim pixels.

Finally, the attack measures rendering time differences caused by pattern-dependent GPU optimizations like graphical data compression to leak pixel color information.

Researchers demonstrated the attack successfully on Google Pixel 6, 7, 8, and 9 devices, as well as Samsung Galaxy S25 phones, achieving leakage rates between 0.15 and 2.11 pixels per second depending on the device.

Two-Factor Authentication Codes

The most alarming demonstration of Pixnapping involves stealing ephemeral 2FA codes from Google Authenticator before they expire.

Figure caption: When the user presses the back button from the email viewing activity, that activity is popped off the back stack and the Inbox activity is resumed.

Figure caption: App 1 sends an implicit intent to activityC and an explicit intent to activityD.

Using an optimized OCR-style technique that identifies digits by leaking just four carefully chosen pixels per digit rather than recovering entire character images, researchers achieved a 53-73% success rate in recovering complete six-digit codes within the critical 30-second refresh window.

On Google Pixel devices, the average extraction time ranged from 14.3 to 25.8 seconds, with the Pixel 6 performing fastest at an average of 14.3 seconds.

The attack requires no special Android permissions and operates stealthily by hiding malicious activity beneath a slightly transparent layer displaying benign content.

Once a user installs and launches the attacker app, no further user interaction is necessary. The technique dynamically adjusts for variable-width fonts and spacing in Google Authenticator’s interface, waiting for the beginning of a new 30-second interval before initiating the extraction process to maximize the available time window.

While the Google Authenticator attack represents the most time-sensitive demonstration, Pixnapping threatens a far broader range of sensitive data.

We target pattern-dependent optimizations, such as GPU.zip, to transmit the value of the victim pixel.

Figure caption: Rendering times for a configured activity stack in front of a black and white victim pixel on the Google phones.

Researchers successfully extracted information from Google Maps Timeline including complete location histories with timestamps and addresses, private Signal messages even with Screen Security enabled, SMS conversations from Google Messages, Venmo account balances and transaction details, Gmail inbox contents including sender information and message previews, and Google Account personal information such as names, addresses, and email addresses.

The attack fundamentally bypasses browser-based protections that have largely mitigated traditional pixel-stealing techniques.

A survey of the top one million websites revealed that only 0.2% remain vulnerable to conventional iframe-based attacks due to X-Frame-Options headers and SameSite cookie policies.

In contrast, 100% of websites are vulnerable when opened through the Chrome browser app, and 99.3% remain at risk when accessed via Chrome Custom Tabs.

For each website, we send a GET request with a current Chrome-on-macOS user-agent string. We mark a website as reachable if it returns an HTTP 200 status code.
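The survey numbers above come down to one check per reachable page: whether its response headers refuse cross-origin framing. The following is an added example (not the paper's survey code) that implements that header classification offline on constructed header dictionaries; `attacker_origin` is an assumed third-party origin, the crawler fetch with the Chrome-on-macOS user-agent is left to the caller, and SameSite cookie effects are not modelled.

```python
"""Classify whether a page's response headers block cross-origin framing.

Added example, not the paper's survey code. A reachable page (HTTP 200)
that sends neither X-Frame-Options DENY/SAMEORIGIN nor a restrictive
Content-Security-Policy frame-ancestors directive can still be embedded
in a third-party iframe, which is the precondition for the classic
browser-based pixel-stealing setup.
"""


def _frame_ancestors(csp_value):
    """Return the source list of frame-ancestors, or None if absent."""
    for directive in csp_value.split(";"):
        tokens = directive.strip().split()
        if tokens and tokens[0].lower() == "frame-ancestors":
            return [t.lower() for t in tokens[1:]]
    return None


def framing_blocked(headers, attacker_origin="https://attacker.example"):
    """True if a page served with these headers refuses framing by
    attacker_origin (a constructed third-party origin). Browsers let
    frame-ancestors override X-Frame-Options when both are present."""
    h = {k.lower(): v for k, v in headers.items()}
    ancestors = _frame_ancestors(h.get("content-security-policy", ""))
    if ancestors is not None:
        if ancestors == ["'none'"]:
            return True
        for src in ancestors:
            # Scheme-only and wildcard sources admit any origin, ours included.
            # Wildcard host patterns such as *.example.com are not expanded here.
            if src in ("*", "https:", "http:") or src == attacker_origin.lower():
                return False
        # 'self' or a host list that does not name the attacker origin: blocked.
        return True
    xfo = h.get("x-frame-options", "").strip().lower()
    # Only DENY and SAMEORIGIN are honoured; ALLOW-FROM and other values
    # are ignored by current browsers and give no protection.
    return xfo in ("deny", "sameorigin")


def survey(responses, attacker_origin="https://attacker.example"):
    """Count reachable (HTTP 200) pages and how many still allow framing."""
    counts = {"reachable": 0, "framable": 0, "blocked": 0}
    for status, headers in responses:
        if status != 200:
            continue  # unreachable pages are excluded, as in the paper's method
        counts["reachable"] += 1
        if framing_blocked(headers, attacker_origin):
            counts["blocked"] += 1
        else:
            counts["framable"] += 1
    return counts


# Constructed (status, headers) pairs standing in for what a crawler would
# collect; no network access is needed.
SAMPLE_RESPONSES = [
    (200, {"X-Frame-Options": "DENY"}),
    (200, {"Content-Security-Policy": "default-src 'self'; frame-ancestors 'self'"}),
    (200, {}),
    (200, {"Content-Security-Policy": "frame-ancestors *", "X-Frame-Options": "DENY"}),
    (503, {}),
    (200, {"X-Frame-Options": "ALLOWALL"}),
]

if __name__ == "__main__":
    print(survey(SAMPLE_RESPONSES))
```

The fourth sample shows why the precedence rule matters: a `DENY` header alongside `frame-ancestors *` gives no protection, because the CSP directive wins. The same classifier run over your own properties tells you which pages are still framable, which is the fix the paper credits with reducing the browser-based attack surface to 0.2%.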

Figure caption: Results of our web survey.

Additionally, researchers identified 238,036 activities across 96,783 Android apps that can be targeted through implicit intents, with a median of two exported activities per application.
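Those exported activities are what the first step of the framework launches by intent, so an app developer's first question is which of their own activities are reachable from other apps at all. The following is an added example (not code from the paper or from Google) that audits an `AndroidManifest.xml` for such activities; the manifest is constructed for illustration, and the rule applied is Android's documented default that an activity with an `<intent-filter>` and no explicit `android:exported` attribute is exported (apps targeting API 31 and later must declare the attribute explicitly).

```python
"""Audit an AndroidManifest.xml for activities other apps can start.

Added example, not from the Pixnapping paper. An activity is reachable by
intent from another app when android:exported="true", or when the
attribute is omitted and the activity declares an <intent-filter>
(the pre-API-31 default). Those are the activities whose pixels a third
party can cause to be rendered; everything else should be
android:exported="false".
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Constructed sample manifest: a launcher activity (implicitly exported via
# its intent filter), an explicitly exported deep-link activity, an
# explicitly private activity that still has a filter, and one with neither.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.wallet">
  <application>
    <activity android:name=".MainActivity">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
    <activity android:name=".ViewTransactionActivity" android:exported="true">
      <intent-filter>
        <action android:name="android.intent.action.VIEW"/>
        <data android:scheme="examplewallet"/>
      </intent-filter>
    </activity>
    <activity android:name=".BalanceActivity" android:exported="false">
      <intent-filter>
        <action android:name="com.example.wallet.SHOW_BALANCE"/>
      </intent-filter>
    </activity>
    <activity android:name=".SettingsActivity"/>
  </application>
</manifest>
"""


def _attr(elem, name):
    """Read an attribute from the android: namespace."""
    return elem.get(f"{{{ANDROID_NS}}}{name}")


def exported_activities(manifest_xml):
    """Return (name, reason) for every activity another app can start,
    in manifest order."""
    root = ET.fromstring(manifest_xml)
    findings = []
    for activity in root.iter("activity"):
        name = _attr(activity, "name")
        exported = _attr(activity, "exported")
        has_filter = activity.find("intent-filter") is not None
        if exported == "true":
            findings.append((name, 'android:exported="true"'))
        elif exported is None and has_filter:
            findings.append((name, "intent-filter present and android:exported omitted"))
    return findings


def relying_on_default(manifest_xml):
    """Activities exported only through the implicit default. These are
    the ones to review first: add an explicit android:exported value and
    choose "false" unless other apps genuinely need to launch them."""
    return [
        name for name, reason in exported_activities(manifest_xml)
        if reason.startswith("intent-filter present")
    ]


if __name__ == "__main__":
    for name, reason in exported_activities(SAMPLE_MANIFEST):
        print(f"{name}: {reason}")
```

Running it on the sample lists `.MainActivity` and `.ViewTransactionActivity` as reachable and leaves `.BalanceActivity` out despite its filter, because the explicit `android:exported="false"` wins. Keeping the exported set down to what the app actually needs does not close the side channel, but it shrinks the number of screens an attacker app can bring on screen by intent in the first place.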

Mitigations

Researchers disclosed their findings to Google on February 24, 2025, receiving a High severity rating and CVE assignment. Google released an initial patch on September 2, 2025, but researchers subsequently discovered a workaround and found that the mitigation did not protect Samsung devices.

Follow-up disclosures to both Google and Samsung occurred in September, with coordination regarding comprehensive mitigations still ongoing as of October 13, 2025.

The research team recommends targeting the second condition of the attack framework by preventing attacker computations on victim pixels, similar to how the frame-ancestors Content Security Policy directive defanged browser-based attacks.

One proposed mitigation would allow developers to restrict transparent layering over their activities to an explicit allowlist, forcing apps to opt in rather than being vulnerable by default.

This approach would preserve the collaborative multi-actor design of Android app layering while protecting sensitive applications from pixel extraction.
