Although we don’t usually pay attention to security issues on Android and Windows devices, one caught our eye this week. Dubbed “acropalypse,” it affects photos and screenshots that have been cropped using software built into Pixel phones and Windows 11 PCs.
As discovered by programmer Simon Aarons, the bug is weird. Looking at photos cropped by the Pixel phones-exclusive markup tool, Aarons discovered that the information that was meant to be cropped was not actually removed from the image and could be retrieved with a few light steps. He even built a quick demo app to demonstrate.
As if that weren’t enough, a similar bug has been discovered by Chris Blume And confirmed by David Buchanan which affects the Snipping Tool in Windows 11. A screenshot cropped with the Windows Snipping Tool and saved over the original will not show the cropped area, but also will not completely remove it.
As Blume explains, “I opened a 198-byte PNG file with Microsoft’s snipping tool, chose ‘Save As’ to overwrite a different PNG file (unmodified), and saved a 4762 byte file with all that extra after the PNG IEND block.” This means that the smaller cropped file is actually bigger than the original image.
Like the Pixel bug, this data can be recovered with little effort. Most of the time, the cropped part is probably not very important, but it could be something sensitive or embarrassing that the user wouldn’t want anyone else to see.
Microsoft and Google are expected to release patches to address the vulnerability in an upcoming update. It’s unclear if the bugs affecting Pixel phones and Windows PCs are related or just coincidence, but we’re sure of one thing: Apple devices aren’t affected.
Mac and iPhone users need not worry about the “acropalypse” bug spreading to iPhones and Macs. We tested several cropped images using the Mac’s Snipping Tool and the Photo Crop Tool on the iPhone and in all cases the cropped photos were significantly smaller than the original image, which means the data has been appropriately removed.
So crop. And maybe ask your Windows friends if you can help them out while you’re at it.
