Google has finally suspended the Firebase account used by Catwatchful, an Android spyware operation that quietly hosted stolen data on Google’s developer platform. The move comes nearly four weeks after TechCrunch first alerted Google to the presence of the stalkerware service on Firebase, prompting questions about why enforcement took so long.
Investigation and Shutdown Delay
TechCrunch reported the existence of Catwatchful’s backend database on June 18. The spyware program used Firebase to save messages, photos, location data, etc., of hacked devices. An email response by Google spokesperson Ed Fernandez confirmed that the company had investigated the operations that were flagged and suspended the account, saying it had violated Google terms of service. Google declined to explain publicly why investigating and disabling the service took almost a full month.
How Catwatchful Operated
Catwatchful marketed itself as an undetectable child‑monitoring tool but functioned as typical stalkerware. Operators had to install it manually on a target’s phone, often requiring the device passcode. Once active, the app hid its icon and transmitted personal data to a web dashboard. Thousands of users reportedly paid for access to these stolen files over the life of the service.
Data Breach and Impact
A security researcher discovered in early July that Catwatchful’s Firebase database was exposed without authentication. It contained over sixty‑two thousand customer email addresses with plaintext passwords, along with records for twenty‑six thousand victim devices. The breach also revealed the operator’s identity as Uruguay‑based developer Omar Soca Charcov. TechCrunch provided the data to Have I Been Pwned to alert affected users.
Google’s Terms and Responsibilities
Google’s acceptable use policy forbids hosting malicious or spyware applications on Firebase. Despite this clear prohibition, Catwatchful remained active long enough to breach the data of thousands. Industry advocates argue that faster action on such abuses is crucial to protect user privacy. Google’s delay highlights the challenge of balancing open developer platforms with security enforcement.
What Users Should Do
Android users who worry about stalkerware are also able to check whether they have Catwatchful present by calling 543210 in the phone app and tapping call. Once you install the app, it will unveil itself. To delete spyware, users with perceptions of spying should adhere to a safety plan first, and on the one hand, they can seek advice from digital security experts. They can also consider updating all online logins and passwords, as well as using two-factor authentication.
The shutting down of Catwatchful by Google is the closure of one case of spyware on its servers, but is an indicator of constant calls to vigilance. It is the responsibility of the developers and platforms to act immediately so that such threats have no chance to remain and cause vulnerability of confidential personal information.
