Academics at Texas A&M University have disclosed a concerning new vulnerability dubbed ‘SnoopLens.’ This side-channel attack could allow real-time tracking of user activity within major messaging apps like WhatsApp, Signal, and Threema—all by exploiting the motion sensors already built into your phone.

What is the SnoopLens Flaw?

The SnoopLens attack combines readings from your smartphone’s gyroscope and accelerometer with in-app browser functionality.

Here is the breakdown of the vulnerability:

  1. The Trap: An attacker sends a link.

  2. The Trigger: When a user clicks the link within a chat, the app opens it using an internal “webview” (in-app browser) rather than an external browser like Chrome or Safari.

  3. The Exploit: Researchers found that this webview often retains access to the phone’s motion sensors.

  4. The Data: Specific actions—like typing a message, scrolling through a chat history, or switching conversations—create unique physical vibration patterns.

How the Attack Works

Once the malicious page is loaded and running in the background, it can continuously harvest sensor data. By analyzing the subtle movements and micro-vibrations your phone makes while you use it, an attacker can infer a surprising amount of information, including:

  • Typing Speed & Patterns: Potentially identifying who is typing.

  • Message Length: Inferring the size of the content being sent.

  • Navigation: Tracking how much you are scrolling or switching between chats.

Beyond privacy intrusion, the continuous access to sensors required for this attack can also lead to significant and noticeable battery drain.

Which Apps Are Affected?

The study specifically highlighted the following apps as vulnerable due to their implementation of in-app browsers and sensor permissions:

  • WhatsApp

  • Signal

  • Threema

Additionally, certain Android keyboard apps were found to be susceptible to similar inference attacks.

The Research Behind the Discovery

This flaw was detailed in a paper titled ‘SnoopLens: Real-time Spying on Mobile Messaging Applications via In-app Browsers’ by Mengyuan Li and colleagues from Texas A&M University.

Their findings highlight a critical oversight in mobile architecture: how webviews interact with system sensors. That interaction creates an unexpected avenue for privacy intrusion where none should exist. For those interested in the technical deep dive, the full research paper is available on arXiv.

Mitigation: What Can Be Done?

While this is a complex vulnerability that largely requires a fix from app developers, there are steps users can take.

  • For Users: The standard security advice is more relevant than ever—be extremely wary of clicking suspicious or unknown links, even if they appear to come from trusted contacts. If you must open a link, try to copy and paste it into a standard external browser (like Chrome or Firefox) rather than using the in-app webview.


  • For Developers: The researchers recommend implementing stricter access policies. This involves revoking or sandboxing JavaScript access to motion sensors within webviews so that external sites cannot “feel” what the user is doing in the main app.
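
One way a developer could apply the recommendation above, shown as an added example that is not code from the research paper or from any of the apps named here: a JavaScript shim that stops page scripts from registering motion-sensor listeners or constructing sensor objects. It assumes the host app injects the script at document start into every frame of its webview; the function names and the fake window used for offline runs are illustrative.

```javascript
// Added example: a shim the host app injects at document start into every frame
// of its in-app webview. Function names and the fake window are illustrative.
const BLOCKED_EVENTS = ['devicemotion', 'deviceorientation', 'deviceorientationabsolute'];
const BLOCKED_SENSORS = ['Accelerometer', 'LinearAccelerationSensor', 'GravitySensor',
  'Gyroscope', 'AbsoluteOrientationSensor', 'RelativeOrientationSensor'];

function installMotionSensorBlock(win) {
  // Patch the prototype, not the window instance, so a page calling
  // EventTarget.prototype.addEventListener.call(window, ...) is covered too.
  const proto = win.EventTarget.prototype;
  const originalAdd = proto.addEventListener;
  proto.addEventListener = function (type, listener, options) {
    if (BLOCKED_EVENTS.includes(String(type))) return undefined; // never registered
    return originalAdd.call(this, type, listener, options);
  };
  // Neutralise the handler attributes (window.ondevicemotion = fn).
  for (const type of BLOCKED_EVENTS) {
    Object.defineProperty(win, 'on' + type, {
      get: () => null, set: () => {}, configurable: false,
    });
  }
  // Remove the Generic Sensor API constructors so `new Gyroscope()` throws.
  for (const name of BLOCKED_SENSORS) {
    Object.defineProperty(win, name, { value: undefined, writable: false, configurable: false });
  }
  return win;
}

// Constructed stand-in for a webview window so the shim can be exercised in Node.
function makeFakeWindow() {
  class FakeEventTarget extends EventTarget {}
  const win = new FakeEventTarget();
  win.EventTarget = FakeEventTarget;
  win.Gyroscope = class {};
  return win;
}

// Returns how many events of `type` a page script receives on `win`.
function probe(win, type) {
  let seen = 0;
  win.addEventListener(type, () => { seen += 1; });
  win['on' + type] = () => { seen += 1; };
  win.dispatchEvent(new Event(type));
  return seen;
}

// In a real webview the injected script ends with this call.
if (typeof window !== 'undefined') installMotionSensorBlock(window);
```

A script-level shim like this is defence in depth: it only holds if it runs before any page script in each frame, so it complements rather than replaces restricting sensor access at the webview or platform level.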
