A vulnerability in the Google Pixel Markup tool can be used to recover redacted and edited screenshots, leading to sensitive information disclosure. Security researchers Simon Aarons and David Buchanan, who discovered the exploit for this vulnerability, dubbed it the aCropalypse flaw, a name that signifies the ability to restore cropped and edited images to their original state through this exploit. This vulnerability affects all Google Pixel devices that are running Android 9 Pie or later; Android 9 Pie is the first version to include the Markup tool.
This high-severity information disclosure vulnerability is tracked as CVE-2023-21036, and a security patch that fixes it was released in the Android Pixel Updates earlier this month. When the Markup tool is used for image editing, the way the image file is opened can leave behind data that should have been truncated when the new, edited version of the file is saved. In Android 10 and above, however, the data is not always truncated. The edited version of the image is saved by overwriting the original image, but the rest of the original image file remains. The original file can therefore be fully recovered, including removing added content and de-cropping the image. The cause is that “w” was being used to write to the files rather than “wt”, so the new image was opened without the O_TRUNC flag and the original file's data is left behind.
Applying the 2023-03-01 patch level to your Android device will address this vulnerability; however, any images edited with the Markup tool before this update is applied will still be recoverable. Although the exploit is currently for Pixel devices, non-Pixel phones using third-party Android firmware that utilise the Markup tool for image editing may also be vulnerable. Keeping devices fully up to date with the most recent security patches can ensure your data is protected going forward.
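The missing-truncation behaviour described above, together with a check for image files that still carry data after the end of the saved image, as an added Python example that is not code from the Markup tool or the researchers. It assumes the screenshots are PNG files and models the save with POSIX `os.open` flags rather than Android's file modes; `make_png`, `save_edit`, `trailing_bytes_after_iend` and `demo` are hypothetical names, and the images are constructed samples.

```python
import os
import struct
import tempfile
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"

def chunk(ctype: bytes, data: bytes) -> bytes:
    """One PNG chunk: big-endian length, type, data, CRC32 over type+data."""
    crc = zlib.crc32(ctype + data)
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", crc)

def make_png(width: int, height: int) -> bytes:
    """Constructed sample input: a valid 8-bit greyscale PNG of black pixels."""
    ihdr = struct.pack(">IIBBBBB", width, height, 8, 0, 0, 0, 0)
    idat = zlib.compress((b"\x00" * (width + 1)) * height)  # filter byte + row
    return PNG_SIG + chunk(b"IHDR", ihdr) + chunk(b"IDAT", idat) + chunk(b"IEND", b"")

def save_edit(path: str, data: bytes, truncate: bool) -> None:
    """Overwrite an existing file; truncate=False models the missing O_TRUNC."""
    flags = os.O_WRONLY | (os.O_TRUNC if truncate else 0)
    fd = os.open(path, flags)
    try:
        os.write(fd, data)
    finally:
        os.close(fd)

def trailing_bytes_after_iend(path: str) -> int:
    """Bytes left after the IEND chunk; anything above 0 is leftover data."""
    with open(path, "rb") as f:
        blob = f.read()
    if not blob.startswith(PNG_SIG):
        raise ValueError("not a PNG file")
    pos = len(PNG_SIG)
    while pos + 12 <= len(blob):
        length, ctype = struct.unpack(">I4s", blob[pos:pos + 8])
        pos += 12 + length  # 4 length + 4 type + data + 4 CRC
        if ctype == b"IEND" and pos <= len(blob):
            return len(blob) - pos
    raise ValueError("no complete IEND chunk (truncated or corrupt PNG)")

def demo(truncate: bool) -> int:
    """Save a small 'cropped' PNG over a larger one and measure the residue."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "screenshot.png")
        with open(path, "wb") as f:
            f.write(make_png(64, 64))  # original screenshot
        save_edit(path, make_png(8, 8), truncate)  # edited version
        return trailing_bytes_after_iend(path)
```

A non-zero result from `trailing_bytes_after_iend` on an edited screenshot marks a file that should be re-saved or deleted rather than shared.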