this post was submitted on 14 Oct 2025
89 points (94.1% liked)

Android

20807 readers
374 users here now

The new home of /r/Android on Lemmy and the Fediverse!

Android news, reviews, tips, and discussions about rooting, tutorials, and apps.

🔗Universal Link: !android@lemdro.id

💡Content Philosophy:

Content which benefits the community (news, rumours, and discussions) is generally allowed and is valued over content which benefits only the individual (technical questions, help buying/selling, rants, self-promotion, etc.) which will be removed if it's in violation of the rules.

Support, technical, or app related questions belong in: !askandroid@lemdro.id

For fresh communities, lemmy apps, and instance updates: !lemdroid@lemdro.id

💬Matrix Chat

💬Telegram channels / chats

📰Our communities below

Rules

  1. Stay on topic: All posts should be related to the Android OS or ecosystem.

  2. No support questions, recommendation requests, rants, or bug reports: Posts must benefit the community rather than the individual. Please post to !askandroid@lemdro.id.

  3. Describe images/videos, no memes: Please include a text description when sharing images or videos. Post memes to !androidmemes@lemdro.id.

  4. No self-promotion spam: Active community members can post their apps if they answer any questions in the comments. Please do not post links to your own website, YouTube, blog content, or communities.

  5. No reposts or rehosted content: Share only the original source of an article, unless it's not available in English or requires logging in (like Twitter). Avoid reposting the same topic from other sources.

  6. No editorializing titles: You can add the author or website's name if helpful, but keep article titles unchanged.

  7. No piracy or unverified APKs: Do not share links or direct people to pirated content or unverified APKs, which may contain malicious code.

  8. No unauthorized polls, bots, or giveaways: Do not create polls, use bots, or organize giveaways without first contacting mods for approval.

  9. No offensive or low-effort content: Don't post offensive or unhelpful content. Keep it civil and friendly!

  10. No affiliate links: Posting affiliate links is not allowed.

Quick Links

Our Communities

Lemmy App List

Chat and More

founded 2 years ago
MODERATORS
ijeff
ladfrombrad
Paradox
multimoon
mikestevens
Devgard@lemmy.world
limerod@reddthat.com
Netrunner
89
Hackers can steal 2FA codes and private messages from Android phones (arstechnica.com)
submitted 2 months ago by schizoidman@lemmy.zip to c/android
21 comments fedilink hide all child comments
 

The new attack, named Pixnapping by the team of academic researchers who devised it, requires a victim to first install a malicious app on an Android phone or tablet. The app, which requires no system permissions, can then effectively read data that any other installed app displays on the screen. Pixnapping has been demonstrated on Google Pixel phones and the Samsung Galaxy S25 phone and likely could be modified to work on other models with additional work. Google released mitigations last month, but the researchers said a modified version of the attack works even when the update is installed.

you are viewing a single comment's thread
view the rest of the comments
[–] bountygiver@lemmy.ml 4 points 2 months ago (1 children)

I doubt Google actually reviews each app submitted line by line of code. So a malicious developer can theoretically sneak it in one popular app via play store updates.

Good thing the point of 2FA is the 2 factor part so this only compromises one of the two, without some very coordinated attack it's still quite hard to gain access to your accounts.

[–] BCsven@lemmy.ca 1 points 2 months ago

Hardware key is the way. Like a Yubikey

Code is generated on another device by using the encryption stored on the hardware key.

Since this app can read screen, you need a non network connected device to act as the key displayer.