New Pixnapping Android Flaw Lets Rogue Apps Steal 2FA Codes Without Permissions
New Pixnapping Android Flaw Lets Rogue Apps Steal 2FA Codes Without Permissions
14 October 2025
Android devices from Google and Samsung have been found vulnerable to a side-channel attack that could be exploited to covertly steal two-factor authentication (2FA) codes, Google Maps timelines, and other sensitive data without the users' knowledge pixel-by-pixel.
The attack has been codenamed Pixnapping by a group of academics from the University of California (Berkeley), University of