INSUBCONTINENT EXCLUSIVE:
The maker of a phone app that is advertised as providing a stealthy means for monitoring all activities on an Android device spilled email
addresses, plain-text passwords, and other sensitive data belonging to 62,000 users, a researcher discovered recently.A security flaw in the
app, branded Catwatchful, allowed researcher Eric Daigle to download a trove of sensitive data, which belonged to account holders who used
the covert app to monitor phones
The leak, made possible by a SQL injection vulnerability, allowed anyone who exploited it to access the accounts and all data stored in
them.Catwatchful creators emphasize the app's stealth and security
While the promoters claim the app is legal and intended for parents monitoring their children's online activities, the emphasis on stealth
has raised concerns that it's being aimed at people with other agendas."Catwatchful is invisible," a page promoting the app says
Only you can access the information it collects."The promoters go on to say users "can monitor a phone without [owners] knowing with mobile
phone monitoring software
The app is invisible and undetectable on the phone
It works in a hidden and stealth mode."
