Introducing acropalypse: a serious privacy vulnerability in the Google Pixel's inbuilt screenshot editing tool, Markup, enabling partial recovery of the original, unedited image data of a cropped and/or redacted screenshot. Huge thanks to for his help throughout!
been playing around with this myself. it's pretty nasty, though thankfully most social media, Discord included, reprocess images sufficiently to remove the data android erroneously left at the end
they do now, but unfortunately screenshots uploaded before January on Discord are vulnerable as the fix isn't retroactive
ah yep! just checked some images uploaded to discord from a bit back and they've got the issue
so if I understand correctly: Discord implemented a fix but uploaded images on their CDN from a while ago are still vulnerable?
Yes, but it might not be a "fix" exactly, just a change that happened to mitigate it. (I have no idea whether Discord knew about the vuln at the time - either they read my DMs or Google told them, lol)
That's possible to do without trailing data tho (maybe I should show them how it's done, lol)




