The ‘Acropalypse’
Today, a vulnerability was announced in Google’s photo editing app that allows an attacker to recover images that have been cropped or edited. This affects phones patched to the latest version of Android. Even after the vulnerability is eventually fixed all your previous screenshots can still be recovered. The technical details of how this works were covered in a blog post by David Buchanan.
Test it yourself
A website is available that you can use to test yourself. Although the website is a little buggy, it can recover portions of the cropped image, particularly below the cropped portion:
Cropped screenshot
Recovered image
Who is affected?
All Pixel phones using Google’s stock operating system are affected, from the Pixel 3 to Pixel 7 Pro. This includes Android 10, 11, 12, 12.1 and 13. Any phone which uses Google’s “Markup” photo editing app is also affected.
Phones which do not use Google apps ( such as Armadillo Phone or Graphene OS ) are not affected.
-
Published on: Mar 18th, 2023