Google has suspended the account of phone surveillance operator Catwatchful, which was using the tech giant’s servers to host and operate its monitoring software. The shutdown comes a month after TechCrunch alerted Google that the operator was hosting its spyware operation on Firebase, one of Google’s developer platforms. Catwatchful relied on Firebase to store vast amounts of data stolen from thousands of compromised phones.
A Google spokesperson, Ed Fernandez, confirmed the suspension, stating that the operation violated the company’s terms of service. However, Google did not explain why it took a month to investigate and suspend the account. The company’s terms broadly prohibit customers from hosting malicious software or spyware on its platforms.
As of Friday, Catwatchful is no longer functioning and appears to have stopped transmitting or receiving data, according to a network traffic analysis by TechCrunch. The spyware targeted Android devices, disguising itself as a child monitoring app that claimed to be undetectable. Like other spyware, it required physical installation on a victim’s phone, often involving access to their passcode. Such apps are commonly referred to as “stalkerware” or “spouseware” due to their use in non-consensual surveillance, which is illegal.
Once installed, the app remained hidden from the home screen while uploading private messages, photos, location data, and more to a web dashboard accessible by the person who installed it. TechCrunch first learned of Catwatchful in mid-June after security researcher Eric Daigle discovered a security flaw exposing the spyware’s backend database. The flaw allowed unrestricted access to the database without requiring passwords or credentials.
The leaked database contained over 62,000 Catwatchful customer email addresses and plaintext passwords, along with records of 26,000 victim devices. It also revealed the operator behind the spyware, Uruguay-based developer Omar Soca Charcov. TechCrunch reached out to Charcov for comment on the security lapse and whether he planned to notify affected individuals, but he did not respond.
With no indication that Charcov would disclose the breach, TechCrunch shared a copy of the database with the data breach notification service Have I Been Pwned. Catwatchful is the latest in a series of spyware operations to suffer a data breach, often due to poor cybersecurity practices. By TechCrunch’s count, it is the fifth such operation this year to expose user data and one of more than two dozen since 2017.
Android users can check if Catwatchful is installed on their device, even if hidden, by dialing 543210 in the phone app’s keypad and pressing call. Experts advise having a safety plan in place before removing spyware from a phone.
For those in need of assistance, the National Domestic Violence Hotline (1-800-799-7233) offers free, confidential support 24/7. In emergencies, call 911. Additional resources are available through the Coalition Against Stalkerware for individuals concerned about spyware on their devices.