Google ‘acropalypse’ lets users see hidden parts of images

Google Pixel owners may have their private information exposed after researchers discovered a security flaw with the phone’s picture editing feature.

Dubbed the ‘acropalypse’, the vulnerability allows people to recover hidden parts of an image that have been cropped out by Pixel phone users.

Cropped screenshots could contain anything from credit card numbers to private photos, experts warn.

Google has since fixed the problem but any photo edited through the Markup tool prior to the patch being issued is still at risk of being reverse edited.

Engineers Simon Aarons and David Buchanan warned that the issue first emerged around five years when Google released the Android 9 Pie mobile operating system.

Photos shared on social media could be vulnerable to the exploit, with an example given of a cropped image of a credit card shared to Discord that had been cropped and edited using Google Pixel’s Markup tool.

Using the trick, the engineers were able to uncrop and reveal the credit card’s number.

Mr Aaronds shared their findings of the bug in a detailed blog post.

The pair described it as “a serious privacy vulnerability in the Google Pixel’s inbuilt screenshot editing tool Markup” that allows “partial recovery of the original, unedited image data of a cropped and/or redacted screenshot”.

Mr Buchanan revealed that his own data is at risk through the vulnerability, having owned a Google Pixel 3XL and used Discord.

“The worst instance was when I posted a cropped screenshot of an eBay order confirmation email, showing the product I’d just bought,” he wrote.

“Through the exploit, I was able to un-crop that screenshot, revealing my full postal address (which was also present in the email). That’s pretty bad!”

The Independent has contacted Google for more information on which phones and Pixel users may still be at risk.