Google Hosts Phone Spyware

Google Hosts Phone Spyware

25 July 2025

Google has suspended the Firebase account of Catwatchful, a spyware operation that used Google's servers to host and run its surveillance app. The app stealthily monitored thousands of phones. Catwatchful, disguised as a generic 'Settings' app, secretly harvested data, including text messages, photos, real-time location, and ambient audio.

The spyware, which required physical access to install, operated outside the Google Play Store. Once installed, it was virtually undetectable, employing a hidden backdoor code. A security flaw exposed Catwatchful's entire customer database, revealing over 62,000 email addresses and passwords. The breach also compromised the operation's administrator, exposing their identity. The majority of compromised devices were located in Mexico, Colombia, India, Peru, Argentina, Ecuador, and Bolivia.

Google has added new protections to detect Catwatchful with Play Protect, its built-in Android security scanner. Android users can check for Catwatchful by dialing a specific code in their phone app. The app's custom backend was vulnerable to SQL injection attacks.

AI generated content may differ from the original.

Published on 25 July 2025
googlespywareandroidsecurityprivacy
  • Cloaked Adds AI Shield

    Cloaked Adds AI Shield

    Read more about Cloaked Adds AI Shield
  • UK Grapples with Encryption

    UK Grapples with Encryption

    Read more about UK Grapples with Encryption
  • AI Demands Data: Security?

    AI Demands Data: Security?

    Read more about AI Demands Data: Security?
  • Confident Security Launches with CONFSEC

    Confident Security Launches with CONFSEC

    Read more about Confident Security Launches with CONFSEC
Google Hosts Phone Spyware