The Google Pixel bug is ready to unredact your screenshot.

Image Credit: XDA Developers With the introduction of Android 9.0 Pie, Pixel phones got a built-in screenshot editor called "Markup" in 2018. The tool appears whenever you take a screenshot, and tapping the app's pen icon gives you access to tools like cropping and a few different colored drawing pens. It is possible to uncrop or unredact Pixel screenshots taken over the previous four years, which is very convenient assuming Google's Markup tool does what it says. However, a recent vulnerability shows that the edits made by this tool were not actually destructive. The bug, which is known as "Acropalypse" or more formally CVE-2023-21036, was found by Simon Aarons. In acropalypse, there is a proof-of-concept app that can unredact Pixel screenshots. There is also a good technical write-up here by David Buchanan, a collaborator of Aarons, and it works. The main issue is that Google's screenshot editor replaces your newly edited screenshot with the original screenshot file without truncating or recompressing it in any way. With the crop tool, it is very simple to reduce the file size of your edited screenshot from the original, but doing so results in a PNG with a lot of extra junk data hidden at the end. The final fragments of your original screenshot make up that junk data, which is retrievable. That seems like a bad way to create a screenshot cropping tool, but to Google's credit, the Markup tool's Android 9 release truncated the overwritten file and functioned as intended. Though the way file storage in Android was implemented under Android 10 underwent many significant "Scoped Storage" changes, it is unclear how or why this occurred, but possibly as part of that massive wave of file-handling commits, one undocumented change made it into the Android Framework file parser: the Framework's "write" mode stopped truncating overwritten files, and the bug in Markup was created. The Markup tool was dependent on the OS's file handling, and a later release changed the way it operated—apparently without anyone noticing. The acropalypse proof-of-concept tool is excellent. If you have an unpatched Pixel device, you may crop a screenshot, feed it into the program, and retrieve the uncropped data. It is not perfect; typically, you will receive a severely corrupted PNG with a large blank area followed by a strip of odd colors, but you can usually recover the bottom third of a cropped image. The flaw was addressed in the security patch released for Pixel devices in March 2023, where it was classified as a "High" security vulnerability. The Google Photos editor, which saves JPGs by creating a new copy, was unaffected by this; only the Pixel screenshot editor, which saves PNGs by overwriting them, would be affected. In general, cropped screenshots are more dangerous than cropped camera photos, unless you were acting strangely and taking a screenshot of your camera's output. Read More: However, simply fixing the bug for future users does not take care of the issue. There is also the issue of the four years' worth of Pixel screenshots that are publicly available and might contain private information that users were not aware they were sharing. Depending on who is hosting the screenshot, if you have shared it publicly, it may or may not be leaking data. Some applications, such as Twitter, recompress any uploaded files, which removes the hidden information in your screenshot. A third party could uncrop your screenshot if an app shared the original file instead. A lot of other messaging apps most likely share the original file as well. Notably, Discord is confirmed to do this.