'Acropalypse' Vulnerability Shows Why You Should Never Trust Software Redactions

Years of previously-shared photos may be vulnerable

  • Crops and redactions using Google's Pixel Markup tool can easily be reversed. 
  • The exploit has been patched, but that can't protect the images you already shared. 
  • It's pretty easy to protect yourself in the future.

Google's latest privacy hole lets people undo redactions and crops in shared screenshots. The worst part is that this kind of thing is far from new. 

If you have ever sent anybody a cropped or redacted image from your Google Pixel phone, then they can potentially uncrop and un-redact that image, seeing whatever it was you wanted to hide from them. Google has just patched this vulnerability, but that won't help to protect the millions of images already out there. It's a privacy nightmare, and it will probably happen again. 

"While it is concerning that a glitch in Google Pixel's redaction tool allowed users to undo screenshot edits and redactions, it is important not to dismiss all redaction tools based on this isolated incident," attorney Min Hwan Ahn told Lifewire via email. "Redaction tools can be reliable, but like any software, they are susceptible to bugs and vulnerabilities. [By taking] precautions and staying informed about potential vulnerabilities in the digital landscape, you can significantly reduce risks associated with using redaction tools or any other privacy-sensitive software applications."

Privacy Nightmare

The vulnerability, dubbed acropalypse, is a flaw in the Pixel's built-in Markup tool. Essentially, when you crop and redact an image and send it, the original is sent rather than a flattened copy. This means that, down the line, anyone with the know-how can see what you want to hide.


Now that the exploit is public, we can probably expect bad actors to trawl the internet for images from Pixel phones and bulk-process them to try to unlock their secrets. It's not quite as bad as it seems. Some websites, like Twitter, for example, may process images before publishing them, which could block the exploit. The researchers who discovered this exploit, Simon Aarons and David Buchanan, have not yet shared their promised FAQ, but my guess is that those sites are resizing the images, and therefore saving new, safe versions. 

Self Protection

This brings us to how you might protect yourself in the future. Job one is always to be aware of what you are sharing. For example, every image you share from your iPhone will be sent with its location data intact. You have to manually disable location sharing every time you send a picture, and there is no way to tell the iPhone not to share it by default. If you're uploading images to online classified ad sites, for example, you should be very aware of this "feature."

Then, remember never to trust redaction tools. Make your redactions, and then take a new screenshot of that redacted version. This screenshot is just pixels and cannot be reversed. If you're really paranoid, use another camera to actually snap a photo of your phone's screen.
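As an added example (not from the article, Google, or the researchers), the check below looks for the one artifact this kind of bug leaves in a PNG: when an editor overwrites the original file in place without truncating it, the old image's bytes survive after the new file's final IEND chunk, where a viewer never renders them. The sample images are constructed inline; the helper names are my own.

```python
import random
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"


def _chunk(ctype: bytes, body: bytes) -> bytes:
    """Serialise one PNG chunk: length, type, data, CRC over type+data."""
    crc = zlib.crc32(ctype + body) & 0xFFFFFFFF
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", crc)


def iend_offset(data: bytes) -> int:
    """Walk the chunk list; return the offset just past IEND, or -1 if the
    data is not a PNG or a complete IEND chunk is never reached."""
    if not data.startswith(PNG_SIG):
        return -1
    pos = len(PNG_SIG)
    while pos + 12 <= len(data):  # 4 length + 4 type + 4 CRC
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        end = pos + 12 + length
        if end > len(data):
            return -1  # chunk body runs past end of file: truncated
        if ctype == b"IEND":
            return end
        pos = end
    return -1


def trailing_bytes(data: bytes) -> int:
    """Count bytes after IEND. Decoders ignore them, but they are exactly
    where a non-truncating in-place overwrite leaves the old image's tail."""
    end = iend_offset(data)
    return -1 if end < 0 else len(data) - end


def strip_trailing(data: bytes) -> bytes:
    """Keep only the bytes a decoder actually renders (through IEND)."""
    end = iend_offset(data)
    if end < 0:
        raise ValueError("not a complete PNG")
    return data[:end]


def make_png(width: int, height: int, pixels: bytes) -> bytes:
    """Minimal 8-bit RGB PNG, filter type 0 on every row (constructed sample)."""
    stride = width * 3
    raw = b"".join(b"\x00" + pixels[y * stride:(y + 1) * stride] for y in range(height))
    ihdr = struct.pack(">IIBBBBB", width, height, 8, 2, 0, 0, 0)
    return PNG_SIG + _chunk(b"IHDR", ihdr) + _chunk(b"IDAT", zlib.compress(raw)) + _chunk(b"IEND", b"")


# Constructed samples: a small "cropped" image, and the same bytes followed by
# the tail of a larger original, as an un-truncated overwrite would leave them.
CLEAN = make_png(2, 2, bytes(12))
_rng = random.Random(1)
BIG = make_png(8, 8, bytes(_rng.getrandbits(8) for _ in range(8 * 8 * 3)))
LEFTOVER = BIG[len(CLEAN):]
TAINTED = CLEAN + LEFTOVER
```

Stripping only removes bytes a decoder never renders; it does not touch EXIF location data or embedded thumbnails inside the rendered part, which is why re-screenshotting the redacted image remains the simpler guarantee.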

If you are working with PDFs, you can do the same. Take a screenshot with your Mac or PC, or export the PDF as a JPG and share that instead. Even better, although this seems old-fashioned, share a printed version instead of an electronic version. The recipient will have to scan it to put it into a computer, so it's much more likely they'll just file it offline. 


A History of Violations

This is not the first un-cropping exploit, either. Say you decide to crop that nude selfie to use the face on your resume because you look so professional. That's fine, but make sure you don't send the original Word document or similar because the recipient may again be able to reverse that crop. And it's not just images, either. 

"This reminds me of the old Microsoft Word issue where if you had it set to 'fast save' it would leave deleted text in the file. Sometimes there even seemed to be chunks of unzeroed content from other apps' deleted files," writes software developer and tech blogger Michael Tsai on his blog.

In the end, you just have to be aware that it's very hard to tell whether digital tools have actually removed sensitive data. It's nice to be able to return to a photo anytime in the future and revert your bad editing decisions, but as we have seen over and over, convenience is often the enemy of privacy and security.
