Why a single pixel on this wallpaper crashes Android phones?

Recently a vulnerability in Android 10 was exposed, when a simple photograph of St Mary Lake in Glacier National Park, Montana, set as wallpaper caused smartphone screens to turn on and off unceasingly, making some handsets unusable. Phones with the image (above) used as wallpaper stuck in a bootloop and users were compelled to reset their phone to get rid of it.

There was a lot of hue and cry as to why this was happening. While most believed the “cursed” image would have more to tell – it turned out that the color profile of the image exceeded the bounds of what Android can handle just by a pixel, which made phones behave the way they did when the image was set as wallpaper.

The happening

The bug was first brought to light when Ice Universe, a twitter handle known for Samsung-related leaks, tweeted this image that caused the issue. Warning others that “setting the picture as wallpaper on Samsung phones especially will cause them to crash.” This should have been a deterrent, but we live in a crazy world. People mistook it for a prank and ended up with their phone’s screen flashing repeatedly and not booting up.

Setting the image as wallpaper on the phone caused it to crash and soft-brick – a state when the device tries to boot, but fails and restarts the booting process repeatedly. This bootloop cannot be broken until the phone is factory reset in safe mode, which means the phone data is completely lost. Some users were however able to enter safe mode and delete the picture from the photo gallery and set the wallpaper to default, and then restart the phone to work normally.

What this folly revealed was that this issues was not Samsung centric, other smartphones including Google Pixel running Android 10 or older were also crashing. Some users even reported some OnePlus, Nokia and Xiaomi phone models. In their testing Android Authority said, Huawei Mate 20 didn’t have a problem and even the Pixel 4 XL running Android 11 tested by 9to5Google remained unaffected.

The ‘cursed’ image

Shot on a Nokia camera in August 2019 by scientist and photographer Gaurav Agrawal; this photo was edited in the Lightroom and then exported in the “ProPhoto RGB” format instead of standard sRGB, where it is believed the story started. Gaurav uploaded the photo to his Flicker profile with over 10,000 followers expecting it to ‘go viral for a good reason’ – Fate had it otherwise.

The image was everywhere in the headlines for crashing phones when used as wallpaper. Gaurav came out about it – in conversation with BBC he said, “I didn’t do anything intentionally.” “I didn’t know the format would do this,” he added. Interestingly, the photo triggered the bug when set as wallpaper only – it didn’t cause any problems to the handset when in the Google Photos app.

It can be luring to try setting the image as wallpaper on the phone. We strongly recommend against it; but if you still want this very wallpaper, there are certain observations you can try (at your own risk). For instance, take a screenshot of the image and use it as the wallpaper – do not use the image downloaded directly.

The explanation

It is almost predictable that the image somehow interferes with the fundamentals of Android wallpaper engine; and that it is not created purposely to take advantage of some vulnerability in the OS – as earlier predicted – image loosely referred as ‘a malware for Android.’

The picture basically didn’t fair too well with Samsung and Google Pixel phones, this is because they employ the default Android color engine that uses sRGB color space instead of RGB color space that the image uses. When a user tries to set as wallpaper an image which is RGB and not sRGB the bootloop is triggered – the ImageProcessorHelper class crashes as a variable used to access an array crosses the array bounds.

This image is encoded in a color space Google/Skia/E3CADAB7BD3DE5E3436874D2A9DEE126 instead of the usual sRGB, which probably creates more color information than some devices can handle. What happens is that sRGB is limited color space – maximum index is 255; when the variable y value exceeds the histogram bounds, the phone crashes. Considerable fixes – contain y value to <256 always, or add a line (y > 255) y = 255 to the code.

The color/luminance value of the pixels is calculated using the formula: Luminance = .2126f * r + .7152f * g + .0722f * b. R, G. B’s value usually varies but in this image – for a particular pixel in the clouds – the sum exceeds 255 creating out of bounds exception which SystemUI treats fatal and puts the phone into an infinite loop of crashes. This issue happens because of round-up logic in the OS, which gives a higher integer value. In this case its only 256 but the end result is not handled well by Android.

9to5Google’s Dylan Roussel finds this rounding up logic is limited to phones running Android 10 or older. His testing with Pixel 4 XL running on Android 11, which remained unaffected on using the image as wallpaper, it doesn’t affect devices with Android 11. This is because unlike in Android 10, on Android 11 the system converts color space if it is not supported.

Clearly then, the main cause of “cursed” image wallpaper is the way the color/luminance is calculated. Google is reportedly conducting an internal review; we may see a fix for such vulnerability (which could be used for nefarious acts) in Android 10 or older versions soon.

Leave a Reply

Your email address will not be published. Required fields are marked *

%d bloggers like this: