Android security alert graphic: Phone screen with Pixnapping icon stealing data streams from apps like Gmail and Signal; AI brain enhancing theft, red warning flags, and protective shields for updates and permissions, with "Secure Your Apps" banner.

University of California researchers exposed Pixnapping, a proof-of-concept exploit that lets malicious Android apps capture sensitive data like 2FA codes from Gmail, Google Authenticator, Signal, and Venmo via hardware side channels. It uses Android APIs to grab pixels from other apps or websites, achieving up to 61% accuracy boosted by AI, without needing root access. Tested on Google and Samsung devices, it's remotely exploitable if the app is open, evading standard scans.

Android security alert graphic: Phone screen with Pixnapping icon stealing data streams from apps like Gmail and Signal; AI brain enhancing theft, red warning flags, and protective shields for updates and permissions, with "Secure Your Apps" banner.Android security alert graphic: Phone screen with Pixnapping icon stealing data streams from apps like Gmail and Signal; AI brain enhancing theft, red warning flags, and protective shields for updates and permissions, with "Secure Your Apps" banner.

No full patch exists yet; Google's September update partially fixes it, with another due in December. Exploitation requires the malicious app to be installed and visible, making it a social engineering risk. Researchers note it's not seen in the wild, but highlights Android's vulnerabilities in data handling.

Android security alert graphic: Phone screen with Pixnapping icon stealing data streams from apps like Gmail and Signal; AI brain enhancing theft, red warning flags, and protective shields for updates and permissions, with "Secure Your Apps" banner.Android security alert graphic: Phone screen with Pixnapping icon stealing data streams from apps like Gmail and Signal; AI brain enhancing theft, red warning flags, and protective shields for updates and permissions, with "Secure Your Apps" banner.

Protect yourself:

Update your device regularly, download apps only from official stores, and review permissions closely. For developers, minimize exposed data in apps and use secure APIs. Report suspicious behavior to Google to strengthen defenses against these sneaky threats.

NPAV offers a robust solution to combat cyber fraud. Protect yourself with our top-tier security product, FraudProtector.net