2 min read

aCropalypse now! Cropped and redacted images suffer privacy fail on Google Pixel smartphones


March 22, 2023

Promo Protect all your devices, without slowing them down.
Free 30-day trial
aCropalypse now! Cropped and redacted images suffer privacy fail on Google Pixel smartphones

Have you ever shared a photograph where you've redacted some sensitive information?

Perhaps you've cropped out part of the image you didn't want others to see?

Well, users of Google's Pixel Android smartphone might be alarmed to learn that pictures they've shared in the past may have been less discreet than they imagined.

Security experts Simon Aarons and David Buchanan have revealed that the Markup editing app included on Pixel smartphones to allow users to crop, add text, and draw on images has a serious vulnerability that puts their privacy at risk.

You might imagine that you have placed an opaque black bar over your address or a credit card number in an image, blurred out part of your anatomy, or simply cropped out of the image something that you would rather remain private... but the so-called "aCropalypse" flaw means that edited screenshots were only overwriting the start of PNG files, but not truncating them.

In short, all screenshots edited by Markup from Pixel phones that have been shared for the past five-or-so years might have additional image data recoverable from them.

Researcher Simon Aarons posted an example on Twitter of how the technique was used to restore a photo of credit card uploaded to a Discord channel, whose number was originally redacted using the black marker feature of the Markup tool.

Clearly this is a serious problem.

In the past, we've explained the problem of how weak redaction (by blurring or pixelating text) may be insufficient to keep sensitive information secure, and how tools have been created which can effectively "undo" the redaction to reveal secrets.

For that reason, I've previously recommended that you shouldn't really blur or "swirl" text if you want to hide part of an image - replace the section of the picture with randomly generated noise, or covering the text with an opaque black bar works better.

But the aCropalypse flaw means that sensitive details can still be exposed if you go to that effort.

The flaw in Google Pixel's Markup tool has made the seemingly impossible to be possible.  And to prove their point, the researchers who found the vulnerability have created a demo website where Pixel images can upload their past images to see what might be lurking within.

There is, thankfully, some good news.

Firstly, some social media sites perform their own processing on uploaded images (typically for compression purposes and the stripping of meta data) and this may remove the extraneous information that the creator of the image never imagined was still included.

Furthermore, Google has reportedly fixed the Markup app in its latest Pixel security update.

But, and it's a big but, this does nothing to unshare vulnerable screenshots created and distributed in the last five years. Quite how Google plans to help with that problems remains something of a mystery...

Oh, and before Windows users start to feel a little too smug about the misfortune of their Android-using friends, researcher David Buchanan has just warned that the Snipping Tool and Snip & Sketch cropping tool in Windows 11 and Windows 10 respectively also leak image data in a similar fashion to how aCropalypse occurs on Pixel phones.




Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s.

View all posts

You might also like