So long as you download and install a compromised app first.

Dubbed “Pixnapping,” this attack vector begins when a victim unknowingly installs a malicious mobile application on their Android smartphone. -Pixnapping could be used to steal private data, including 2FA codes. -Side-channel attack abuses Google Android APIs to steal data on display. -Flaw is partially patched, although a more complete fix is due in December.