Google has officially suspended the account of Catwatchful, a surveillance software provider that utilized the tech giant’s Firebase platform to host and manage its malicious operations. The move comes one month after investigators alerted Google that its own infrastructure was being used to store sensitive data stolen from thousands of compromised Android devices.
A Month-Long Delay in Enforcement
Despite clear terms of service prohibiting the use of its platforms for malicious software or spyware, Google took four weeks to act on the reports. A company spokesperson confirmed the suspension this week, stating that the Firebase operations were terminated for policy violations. Google has declined to comment on why the investigation process spanned an entire month.
The Mechanics of “Stalkerware”
Catwatchful marketed itself as a child-monitoring tool, but functioned as “stalkerware”—software designed for non-consensual surveillance. Once physically installed on a target’s phone, the app would hide itself from the home screen, continuously siphoning private messages, photos, and real-time location data to a remote dashboard.
Network traffic analysis confirms that the operation is no longer transmitting or receiving data as of last Friday.
Security Flaws and Data Exposure
The operation’s downfall began in mid-June when security researcher Eric Daigle identified a critical bug in the spyware’s back-end database. The vulnerability allowed unauthenticated access to the server, exposing:
- Over 62,000 customer email addresses and plaintext passwords.
- Records detailing 26,000 victim devices compromised by the software.
The database also identified the administrator behind the operation as Uruguay-based developer Omar Soca Charcov. Following a lack of response from the developer regarding the security breach, the data was provided to the Have I Been Pwned notification service to alert affected users.
A Recurring Industry Crisis
Catwatchful is the fifth spyware operation this year to suffer a major data breach due to poor cybersecurity practices. Since 2017, over two dozen similar surveillance services have exposed their databases, highlighting the systemic failure of these companies to protect the very data they collect.
How to Check Your Device
Android users concerned about potential compromise can attempt to locate the hidden app by dialing 543210 into the phone’s keypad and pressing the call button. If the spyware is present, this may trigger the interface to reveal itself.
Before attempting to remove any malicious software, experts strongly advise users to have a safety plan in place. For those experiencing domestic abuse or unauthorized surveillance, the Coalition Against Stalkerware provides critical resources for victims. In the U.S., the National Domestic Violence Hotline is available 24/7 at 1-800-799-7233.