Particle.news

Android ‘Pixnapping’ Attack Can Lift 2FA Codes in Under 30 Seconds, Researchers Say

The exploit uses GPU timing to infer pixel colors without special permissions.

Overview

  • Security researchers disclosed Pixnapping, a GPU side-channel technique that reconstructs on-screen content quickly enough to capture time-sensitive two-factor codes.
  • Demonstrations recovered codes from apps such as Google Authenticator on devices including Pixel 6–9 and Galaxy S25 running Android 13–16.
  • Google assigned the issue CVE-2025-48561 with a High Severity rating and rolled out temporary API restrictions in September.
  • The research team reports those mitigations can be bypassed, and Google plans further fixes in the December 2025 update, while a durable solution will require core OS changes.
  • It is not clear whether the method is being used in the wild, and experts advise installing only trusted apps, enabling Play Protect or antivirus, and minimizing on-screen exposure of sensitive codes.