A team of researchers at Carnegie Mellon University has identified a new attack method that can allow malicious applications to steal sensitive data from Android devices.
Named Pixnapping, the attack has been demonstrated against Google and Samsung phones. Google has released one patch for the Android operating system and is working on an additional fix to protect devices against potential attacks.
In order to launch a Pixnapping attack, an attacker has to trick the targeted user into installing a malicious application on their Android phone. The malicious app does not need any Android permissions in order to conduct an attack.
https://www.securityweek.com/pixnapping ... id-phones/