By this time, you must have heard about this wallpaper that crashes Android phones, right? If you haven’t, join the clout. Here’s the image for you:

The above image, when directly downloaded from Google Images, causes Android phones (including Google Pixel phones) to crash.

What is malware?

Before we go into technical details of this picture, let’s try to understand what is malware. It is an umbrella term for malicious software and includes virus, trojan, ransomware, keyloggers, spyware, adware, worms, etc. Computer systems and mobile devices alike can be infected by malware.

Depending upon the type of malware, the exact motive may vary. However, the common ground between all of them is that they all are developed with the intent to destroy and destruct. But, why is this important in the context of this picture?

How are malware and this image related?

Once this image is set as a wallpaper, an Android phone crashes which leads one to believe that the image creator may have malicious intent. Though some mobile phones can be rebooted and used in safe mode after the crash, certain mobile phones have not been able to recover. In such a situation, it becomes reasonable to think that there is some code embedded in the image that has caused the phone to crash.

If you take the screenshot of this image and set it as wallpaper, the phone does not crash. Generally, malware spreads through email attachments, free drive-by downloads, and malicious links. While in the case of this image, users are voluntarily downloading the image without any external influence. If the image had been malware altogether, the phone would have crashed as soon the image was downloaded and opened. If you think it from an attacker’s perspective, why would they wait for the user to set the image as wallpaper when they can crash the phone as soon as the image is downloaded?

Image Composition

After doing a bit of reverse image search, the original source of this image can be located here. If you see the image properties, it shows that image has been taken from a Nikon D850 camera. The colour space and colour profile are RGB and ProPhoto RGB respectively.

Every mobile device has its own capability with respect to the composition of RGB colours it can display. And this is exactly the reason for the crash.

If you see colour space for different colour profiles given above, the smallest triangle in the right-hand side is what Android-based mobile phones are capable of. Adobe RGB and ProPhoto RGB are wider colour spaces that are not supported by Android phones. As we saw above, the colour profile for this image is ProPhoto RGB which is beyond the capabilities of Android phones.

An android phone’s display works on the following formula

0.2126 * Red + 0.7152* Green + 0.0722 * Blue

This formula for proportionate division of RGB colours is based on how quickly human eyes notice a colour. The maximum value that can be derived from this formula for Android phones is approximately 255.

For all the pixels in this image except one, the value is less than 255. However, for one particular pixel, R is 255, G is 255, and B is 243. When these values are put into the above formula, we get

= 255 * 0.2126 + 255 * 0.7152 * 255 * 0.0722

Considering that Android components round off each component value before finally adding them,

= 55 + 183 + 18

= 256

As this value goes beyond 255, Android phones are crashing.

Ending Notes

Most probably, this image is not a piece of malware. Note the most probably here because nothing can be said absolutely while talking about cyber security. This round-off of component value leads to a crash and it is definitely one of the latest known shortcomings of Android phones, including Google Pixel phones. While this incident was initially reported, there was a lot of fake news being shared. I hope that this article clarifies what is exactly happening.

---

To receive regular updates from our WhatsApp Helpline, drop a message with your name and city here: +91 9340337396.

Join our Telegram channel here: https://t.me/incyberblog.