Privacy Leak in Google Pixel and Windows Screenshot Tools: Overwritten Image Data Reveals Hidden Information

Last week a foreign media outlet reported a privacy‑related issue in Google’s Pixel phone screenshot tool called “Markup”. The tool can leak previously cropped parts of an image when a new PNG is saved over an older one.

Programmer Simon Aarons created a detection program called Acropalypse that, given the Pixel model and the Markup‑cropped image, can recover the omitted information. Tests on a Pixel 4 confirmed the vulnerability.

The same flaw was later reproduced on Windows using the native screenshot tool, meaning the issue affects a far larger user base.

This problem is serious because many users assume that cropped screenshots no longer contain the hidden data.

The root cause is not a flaw in the PNG standard but the way both tools handle file overwriting: they write the new image at the beginning of the file without truncating the old data. If the new file is smaller, leftover bytes from the previous image remain and can be recovered.

Standard PNG decoders stop reading at the end of the new file, ignoring the residual data, which makes the leak hard to detect without specialized analysis.

On Android, a undocumented change to the file‑read/write API between Android 9 and Android 10 caused the old code to stop deleting the previous file correctly. On Windows, the default behavior of the overwrite API leaves old data unless the caller explicitly requests deletion.

Both bugs were recently patched, but the underlying design mistake remains a cautionary tale for large platforms.

The issue also extends to JPG files, where similar overwriting can leave enough data to reconstruct the original image with only minor artifacts.

To mitigate such risks, many services re‑encode uploaded images, stripping any hidden data, while platforms that allow downloading the original file (e.g., WeChat, Discord) may still expose it.

In summary, the Google and Microsoft screenshot bugs are widespread, simple in cause, and potentially severe if not properly controlled, underscoring the need for rigorous code review and safer file‑handling practices.