Conversation

Introducing acropalypse: a serious privacy vulnerability in the Google Pixel's inbuilt screenshot editing tool, Markup, enabling partial recovery of the original, unedited image data of a cropped and/or redacted screenshot. Huge thanks to for his help throughout!
Image
163
9,551
been playing around with this myself. it's pretty nasty, though thankfully most social media, Discord included, reprocess images sufficiently to remove the data android erroneously left at the end
3
151
they do now, but unfortunately screenshots uploaded before January on Discord are vulnerable as the fix isn't retroactive
2
212
so if I understand correctly: Discord implemented a fix but uploaded images on their CDN from a while ago are still vulnerable?
1
10
Yes, but it might not be a "fix" exactly, just a change that happened to mitigate it. (I have no idea whether Discord knew about the vuln at the time - either they read my DMs or Google told them, lol)
1
32