Even if this particular attack is against Android phones, it should be noted that iPhones have their own security issues.

Stay safe out there, regardless of what type of phone you use.

requires a victim to first install a malicious app

Let me stop you right there… and leave.

The new attack, named Pixnapping by the team of academic researchers who devised it, requires a victim to first install a malicious app on an Android phone or tablet. The app, which requires no system permissions, can then effectively read data that any other installed app displays on the screen. Pixnapping has been demonstrated on Google Pixel phones and the Samsung Galaxy S25 phone and likely could be modified to work on other models with additional work. Google released mitigations last month, but the researchers said a modified version of the attack works even when the update is installed.

"Our end-to-end attacks simply measure the rendering time per frame of the graphical operations… to determine whether the pixel was white or non-white.”

This is a prime example of something that is so simple, yet elegant, and brilliant. Fantastically cool and scary.

Dont install random shit and if possible have a phone just for 2fa

The new attack, named Pixnapping by the team of academic researchers who devised it, requires a victim to first install a malicious app on an Android phone or tablet. The app, which requires no system permissions, can then effectively read data that any other installed app displays on the screen. Pixnapping has been demonstrated on Google Pixel phones and the Samsung Galaxy S25 phone and likely could be modified to work on other models with additional work. Google released mitigations last month, but the researchers said a modified version of the attack works even when the update is installed.

Gotta wonder why random apps don’t need special permissions to run and operate other apps. You can cause plenty of trouble maliciously navigating a browser even if you can’t see the screen.