Masquerading Android Safety App CatWatchful Caught Exposing User Data

A few weeks ago, we warned about the security dangers posed by stalkerware apps. We specifically mentioned that they are not only dangerous for victims, but also for stalkers, and a newly published report only reinforces those claims. Security researchers have found that the Catwatchful stalkerware app exposes sensitive information on Android devices.

To clarify, we refer to anyone who installs a stalkerware app to monitor another person's activities as the "stalker" and anyone being monitored as the "victim". The gist is that Catwatchful stalkerware prides itself on its ability to stay undetected on smartphones. It secretly collects private information, such as the victims' photos, messages, and real-time location data. It can also eavesdrop on conversations and access the front and rear cameras of victims' phones. All this information is uploaded to a dashboard that can be accessed by the person controlling the spyware.

According to security researchers, the database of the Catwatchful stalkerware app, containing the passwords and emails of more than 62,000 stalkers and administrators' sensitive information, has been exposed to the public. The vulnerability that led to this compromise has reportedly impacted over 26,000 smartphones.


This is a stark reminder that apps claiming to offer intrusive monitoring capabilities should never be fully trusted. This is even more important considering that such apps are banned from official app stores because they breach privacy and security policies. The perceived benefits they may offer to some users are often marred by the potential harm they can cause. It's probably not worth messing with them, if it can be avoided.

Thankfully, since the Catwatchful stalkerware app has been exposed, Google has enhanced Google Play Protect to alert users when it discovers the app or its installer on their devices.