Google Pixel Privacy nightmare: redacted or cropped screenshots may be recovered (partially)
Google Pixel owners who have used the built-in screenshot functionality and uploaded some of the screenshots to the Internet face a potential privacy disaster. Due to the way redacted or cropped screenshots are saved on Pixel devices, it is possible to recover the original unredacted image.
Named aCropalypse by security researcher Simon Aarons, it is a serious issue that could lead to personal information being exposed on the Internet. To name a few examples: a screenshot of a credit card with a redacted number could reveal the number, a user who cropped an image to hide parts of it could find the image restored to full, and a user who published a screenshot with redacted address information could discover that the address may be revealed after all.
A demo site that demonstrates the image recovery functionality is already available. It seems to work with all recent Pixel devices, from the latest Pixel 7 Pro to Pixel 3. There is also an option to set a custom resolution for the image, which may then work with other Pixel devices as well.
Anyone with access to a Pixel screenshot that has been cropped or redacted may use the demo site to try and recover it. All image processing is done client side, according to the developers of the demo site.
Pixel device owners may use it to find out if their screenshots are affected by the issue. Here is a sample file that shows how the recovery works. Download it from this location and select Pixel 6a as the device.
A blog post on David Buchanan's blog provides details on the vulnerability, which is tracked as CVE-2023-21036. Aarons and Buchanan discovered that Google Pixel devices were overwriting cropped or redacted screenshots on the mobile devices with the new version, but not touching the "rest of the original file". This means that the data is still on the device and that it could potentially be restored.
The blog post is technical in nature, but it provides insight into how the issue was discovered and how it can be exploited. Without going into too many details, all that is required to detect whether original image data is still available is to run basic checks on the image.
David Buchanan mentions that he wrote a simple script to parse all of his messages with screenshots on Discord to find out if any of them were vulnerable. Turns out, many were vulnerable, but most did not reveal private information. Still, one image, which showed the confirmation of an eBay order, could be restored to show the author's full postal address.
Google seems to be aware of the issue, but it is too early to tell how the company will react to it. Besides plugging the vulnerability, the company somehow has to address the elephant in the room: that fixing the vulnerability does not protect already uploaded or created images from being analyzed and recovered.
Not all images taken on Pixel devices and uploaded to the Internet are affected by the issue. Some Internet services and apps remove excess data from images before publishing the images. Images published on these services are not affected, as the original image is removed during the process by the service in question.
Still, depending on where an image was uploaded to or who it was shared with, it could lead to serious privacy issues for Pixel owners.
What Pixel owners may do
The very first thing is to analyze if there are potential privacy issues. If Google's tool was used to redact or crop images, and if these redacted or cropped bits contained sensitive information, and if the data was shared or uploaded, then there is a good chance that the issue affects the user.
The demo site may be used to test the images that could potentially leak private information. Getting the images off of the Internet is the hard part. Some images may be deleted, if the user still has control over them; this may work on personal websites, social media sites and forums. There is still the chance that the image was copied or downloaded by others, and there is little that one can do about that, unfortunately.
Affected Pixel owners may want to remove, where possible, any screenshots from public places that they edited on the device to redact or crop private information or sensitive parts.
Now You: are you affected by the issue?