Malicious app required to make “Pixnapping” attack work requires no permissions.

The new attack, named Pixnapping by the team of academic researchers who devised it, requires a victim to first install a malicious app on an Android phone or tablet. The app, which requires no system permissions, can then effectively read data that any other installed app displays on the screen. Pixnapping has been demonstrated on Google Pixel phones and the Samsung Galaxy S25 phone and likely could be modified to work on other models with additional work. Google released mitigations last month, but the researchers said a modified version of the attack works even when the update is installed.

  • BCsven@lemmy.caEnglish
    4·
    24 hours ago

    That’s why I put GrapheneOS on my phone. It sandboxes apps and you can grant specific containerized storage spaces aaccesa per app.

    But screen reading OOF, I thought that would have needed screen overlay permissions.

    • MaggiWuerze@feddit.orgEnglish
      2·
      22 hours ago

      If only they would support more devices. Maybe they will broaden their lineup now that Google has basically curb stomped them

    • ReversalHatchery@beehaw.orgEnglish
      1·
      19 hours ago

      I don’t think the screen overlay permission gives access for screen capture

      I was wrong. but this article seems to imply that it’s screen overlay permission is what is needed for this to work.