A group of researchers has sounded the alarm about the possibility of two-factor authentication (2FA) codes being compromised through Pixnapping. It is a technique through which a malicious app, once installed, can see what other apps are displaying, and it affects a host of Android devices. The research team has published details of the possible exploit at https://www.pixnapping.com/

How Does This Really Happen?

Essentially, a malicious app targets the app which it plans to open and inserts its pixels for rendering. It then attempts to gather information from the sensitive pixels output by the target app, utilizing a side channel to infer that information. In layman's terms, the malicious app can take a screenshot of content that it should otherwise have no access to.

Should an Average Android User Worry? Not Much, If You Follow Standard Security Precautions

While the vulnerability seems rather scary for an average user, the malicious app still needs to be downloaded and installed. Essentially, if you stick to credible apps from the Google Play Store and avoid downloading untrusted APKs from random sites, the chances of you being impacted by it are low. The good part is that Google is already aware of the issue and hopefully will take measures to address the vulnerability.