Android 'Safety' App Was Actually Spying on People for Years
Catwatchful, an Android app designed to run in stealth mode, was pitched as a way for parents to monitor their children, TechCrunch reported. But the app, which operated outside of the Google Play store, went far beyond basic tracking. It quietly uploaded everything from text messages and photos to real-time location data and ambient audio, all without the victim's knowledge.
A recently discovered security flaw exposed the app's entire customer database, including more than 62,000 email addresses and passwords used by those who installed the spyware. The breach also revealed stolen data from 26,000 victim devices, many located in Mexico, Colombia, India, and other countries in Latin America and South Asia.
Catwatchful relied on physical access to install, allowing it to bypass app store scrutiny. Once active, it was virtually invisible to the user, with a hidden backdoor code to bring it up only when prompted. The app also tapped into device microphones and cameras, pushing the limits of what 'monitoring' software should be allowed to do.
And while the app's victims never saw it coming, the breach also compromised the operation's creator. The database exposed the identity of the developer behind the spyware, linking him directly to the stolen data and Firebase servers hosting it. Attempts to reach him have gone unanswered.
Google, alerted to the breach, said it has added new protections to detect Catwatchful with Play Protect, its built-in Android security scanner. But as of now, the app's backend remains active.
Catwatchful is just the latest in a troubling trend.
Several stalkerware tools have leaked or been hacked this year, reinforcing how insecure and invasive these apps truly are. While marketed as parenting tools, many of them enable covert surveillance in relationships or workplaces, crossing legal and ethical lines.
Android users can check for Catwatchful by dialing 543210 into the phone app. If it appears, it's installed, and it's time to remove it.
In a tech-driven world, the promise of safety often comes with a hidden cost. With Catwatchful exposed, it's clear that in the age of smartphones, the line between protection and intrusion isn't always where you think it is.Android 'Safety' App Was Actually Spying on People for Years first appeared on Men's Journal on Jul 3, 2025
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Washington Post
an hour ago
- Washington Post
Hearing for accused killers of American and Australian surfers delayed again in Mexico
ENSENADA, Mexico — Four Mexicans facing charges in relation to the killing of one American and two Australian surfers last year had yet another preliminary hearing delayed Friday as relatives of the victims looked on via video. The hearing in the Baja California beach city of Ensenada reset hearing dates for the four – two of whom were present, while the other two watched via video from their respective prisons. Brothers Jake and Callum Robinson from Australia and American Jack Carter Rhoad had apparently stopped to surf the breaks between Punta San José, about 50 miles (80 kilometers) south of Ensenada, and La Bocana, further north on the coast in April of last year. They were attacked at their campsite and their bodies were dumped into a well about 4 miles (6 kilometers) away. The hearing did confirm that the cases of the four accused will advance separately. The man facing the most serious charges had his hearing rescheduled for Aug. 9, while the other three were set for Nov. 13, to give them more time to try to reach deals with prosecutors.
Yahoo
2 hours ago
- Yahoo
Emilie Kiser's Husband Brady Won't Be Charged with Felony Child Abuse in Son's Drowning, Despite Police Recommendation
Brady was home at the time of his 3-year-old son Trigg's fatal drowning accident Emilie Kiser's husband Brady will not face child abuse charges in the death of their 3-year-old son, Trigg. The Maricopa County Attorney's Office announced the decision in a statement on Friday, July 25, and said that there is "no likelihood of conviction" against Brady. "Every case submitted to the Maricopa County Attorney's Office is evaluated using the same standard: whether there is a 'reasonable likelihood of conviction,' " the MCAO continued in part. "After careful review of the evidence submitted by Chandler PD, it was determined this case does not meet that standard. MCAO's review of the case involved the attorneys assigned to it, along with highly experienced senior attorneys and the County Attorney herself." 'We are grateful to law enforcement and the county attorney for conducting a thorough investigation and confirming that this was a tragic accident," Kiser's attorney Flynn Carey says in a statement shared with PEOPLE. "Brady remains in the midst of the grieving process and is thankful to be with his family as they heal together. We appreciate the compassion and support shown during this difficult time.' On May 18, a spokesperson for the Chandler Police Department (CPD) confirmed to PEOPLE that Trigg died six days after he was hospitalized for a drowning accident in the Kisers' backyard. Authorities responded to a drowning call on May 12. The toddler died on May 18, per the statement. On Tuesday, July 15, Chandler police announced that their investigation into Trigg's death was completed. The department shared an update to X, which also detailed investigators' recommendation that Brady be tried for a class 4 felony charge of child abuse. The referral came nearly two months after AZ Central reported that Brady told police he was at home with Trigg and their newborn son, Theodore, when the older child fell into the pool. Emilie was out with friends at the time of the tragedy, Brady stated. He said he lost sight of Trigg for three to five minutes; upon returning to their yard, he discovered the toddler floating in the pool, according to CPD search warrant applications. Emilie — who has 1.7 million Instagram followers — filed a lawsuit on Tuesday, May 27, in Arizona Superior Court for Maricopa County to keep records about Trigg's death out of public view, according to court documents. The filing stated that the City of Chandler and the Maricopa County Medical Examiner's Office has received over 100 requests for access to public records related to the incident. On June 3, the Arizona Superior Court for Maricopa County ruled in the influencer's favor on a separate motion, she filed to keep her personal declaration private. The court order granted Kiser temporary confidentiality on both her declaration and her larger request for privacy while the court reviews evidence to make a final ruling. A source told PEOPLE exclusively that Kiser's personal declaration "reflects an intensely personal account of her grief and trauma, submitted to help the court understand her perspective — not for public consumption." Read the original article on People
Los Angeles Times
2 hours ago
- Los Angeles Times
Meta clashes with Apple, Google over age check legislation
The biggest tech companies are warring over who's responsible for children's safety online, with billions of dollars in fines on the line as states rapidly pass conflicting laws requiring companies to verify users' ages. The struggle has pitted Meta Platforms Inc. and other app developers against Apple Inc. and Alphabet Inc.'s Google, the world's largest app stores. Lobbyists for both sides are moving from state to state, working to water down or redirect the legislation to minimize their clients' risks. This year alone, at least three states — Utah, Texas and Louisiana — passed legislation requiring tech companies to authenticate users' ages, secure parental consent for anyone under 18 and ensure minors are protected from potentially harmful digital experiences. Now, lobbyists for all three companies are flooding into South Carolina and Ohio, the next possible states to consider such legislation. The debate has taken on new importance after the Supreme Court this summer ruled age verification laws are constitutional in some instances. A tech group on Wednesday petitioned the Supreme Court to block a social media age verification law in Mississippi, teeing up a highly consequential decision in the next few weeks. Child advocates say holding tech companies responsible for verifying the ages of their users is key to creating a safer online experience for minors. Parents and advocates have alleged the social media platforms funnel children into unsafe and toxic online spaces, exposing young people to harmful content about self harm, eating disorders, drug abuse and more. Meta supporters argue the app stores should be responsible for figuring out whether minors are accessing inappropriate content, comparing the app store to a liquor store that checks patrons' IDs. Apple and Google, meanwhile, argue age verification laws violate children's privacy and argue the individual apps are better-positioned to do age checks. Apple said it's more accurate to describe the app store as a mall and Meta as the liquor store. The three new state laws put the responsibility on app stores, signaling Meta's arguments are gaining traction. The company lobbied in support of the Utah and Louisiana laws putting the onus on Apple and Google for tracking their users' ages. Similar Meta-backed proposals have been introduced in 20 states. Federal legislation proposed by Republican Senator Mike Lee of Utah would hold the app stores accountable for verifying users' ages. Still, Meta's track record in its state campaigns is mixed. At least eight states have passed laws since 2024 forcing social media platforms to verify users' ages and protect minors online. Apple and Google have mobilized dozens of lobbyists across those states to argue that Meta is shirking responsibility for protecting children. 'We see the legislation being pushed by Meta as an effort to offload their own responsibilities to keep kids safe,' said Google spokesperson Danielle Cohen. 'These proposals introduce new risks to the privacy of minors, without actually addressing the harms that are inspiring lawmakers to act.' Meta spokesperson Rachel Holland countered that the company is supporting the approach favored by parents who want to keep their children safe online. 'Parents want a one-stop-shop to oversee their teen's online lives and 80% of American parents and bipartisan lawmakers across 20 states and the federal government agree that app stores are best positioned to provide this,' Holland said. As the regulation patchwork continues to take shape, the companies have each taken voluntary steps to protect children online. Meta has implemented new protections to restrict teens from accessing 'sensitive' content, like posts related to suicide, self-harm and eating disorders. Apple created 'Child Accounts,' which give parents more control over their children's' online activity. At Apple, spokesperson Peter Ajemian said it 'soon will release our new age assurance feature that empowers parents to share their child's age range with apps without disclosing sensitive information.' As the lobbying battle over age verification heats up, influential big tech groups are splintering and new ones emerging. Meta last year left Chamber of Progress, a liberal-leaning tech group that counts Apple and Google as members. Since then, the chamber, which is led by a former Google lobbyist and brands itself as the Democratic-aligned voice for the tech industry, has grown more aggressive in its advocacy against all age verification bills. 'I understand the temptation within a company to try to redirect policymakers towards the company's rivals, but ultimately most legislators don't want to intervene in a squabble between big tech giants,' said Chamber of Progress CEO Adam Kovacevich. Meta tried unsuccessfully to convince another major tech trade group, the Computer & Communications Industry Association, to stop working against bills Meta supports, two people familiar with the dynamics said. Meta, a CCIA member, acknowledged it doesn't always agree with the association. Meta is also still a member of NetChoice, which opposes all age verification laws no matter who's responsible. The group currently has 10 active lawsuits on the matter, including battling some of Meta's preferred laws. The disagreements have prompted some of the companies to form entirely new lobbying outfits. Meta in April teamed up with Spotify Technology SA and Match Group Inc. to launch a coalition aimed at taking on Apple and Google, including over the issue of age verification. Meta is also helping to fund the Digital Childhood Alliance, a coalition of conservative groups leading efforts to pass app-store age verification, according to three people familiar with the funding. Neither the Digital Childhood Alliance nor Meta responded directly to questions about whether Meta is funding the group. But Meta said it has collaborated with Digital Childhood Alliance. The group's executive director, Casey Stefanski, said it includes more than 100 organizations and child safety advocates who are pushing for more legislation that puts responsibility on the app stores. Stefanski said the Digital Childhood Alliance has met with Google 'several times' to share their concerns about the app store in recent months. The App Association, a group backed by Apple, has been running ads in Texas, Alabama, Louisiana and Ohio arguing that the app store age verification bills are backed by porn websites and companies. The adult entertainment industry's main lobby said it is not pushing for the bills; pornography is mostly banned from app stores. 'This one-size fits all approach is built to solve problems social media platforms have with their systems while making our members, small tech companies and app developers, collateral damage,' said App Association spokesperson Jack Fleming. In South Carolina and Ohio, there are competing proposals placing different levels of responsibility on the app stores and developers. That could end with more stringent legislation that makes neither side happy. 'When big tech acts as a monolith, that's when things die,' said Joel Thayer, a supporter of the app store age verification bills. 'But when they start breaking up that concentration of influence, all the sudden good things start happening because the reality is, these guys are just a hair's breath away from eating each other alive.' Birnbaum writes for Bloomberg.
