Latest news with #Firebase


Indian Express
04-07-2025
Catwatchful: The Android app that secretly stole 62,000 email addresses and passwords
A security vulnerability in a stealthy Android stalkerware named Catwatchful seems to have leaked more than 62,000 user credentials, including those of its administrator. The flaw was first discovered by a Canadian researcher named Eric Daigle, who claims that the leaked data includes email addresses and passwords stored in plain text. This data was used by the spyware's customers to access data stolen from the phones of unsuspecting victims. Catwatchful is a stalkerware for Android devices that disguises itself as a child-monitoring app. It works by uploading the victim's private information, like photos, call logs, passwords, real-time location and other information, to a dashboard that can only be accessed by the person who planted it. What makes it even more dangerous is that Catwatchful can also tap into live ambient audio using the phone's microphone and even access both front and rear cameras. Unlike most spyware apps for Android, Catwatchful uses its very own infrastructure and also offers a 3-day free trial, which is a rarity for a spyware app. The app developer also says that 'Catwatchful is invisible. It cannot be detected. It cannot be uninstalled. It cannot be stopped. It cannot be closed. Only you access the information it collects.' Unsurprisingly, it is not available on the Play Store and requires users to manually download and install it, which is often referred to as sideloading. This means only someone with physical access to your device will be able to install it. Daigle said he started by making a free trial account on the Catwatchful website, which is when he noticed that the website registered his information in two different locations, one of which was hosted on a domain called When installed, the app requested all sorts of permissions and hid itself as a system app. Also, all of the stolen data was stored in Firebase and accessed via a web control panel. 
However, the custom backend the app developer was using was vulnerable to a SQL injection attack. Daigle said he used this very flaw to access the service's entire user database, which included email addresses and passwords of people who were using Catwatchful to spy on others, which amounted to more than 62,000. As it turns out, it also included information of devices that were being monitored. According to TechCrunch, the majority of devices that were compromised were located in Mexico, Colombia, India, Peru, Argentina, Ecuador, and Bolivia. The publication says the list is in order of the number of victims. What's even more surprising is that some of these records date back to 2018, which suggests that Catwatchful has been operating and stealing data for at least 7 years.
Yahoo
03-07-2025
Android 'Safety' App Was Actually Spying on People for Years
A so-called child safety app that secretly recorded phones for years has just been exposed along with the people who used it. Catwatchful, an Android app designed to run in stealth mode, was pitched as a way for parents to monitor their children, TechCrunch reported. But the app, which operated outside of the Google Play store, went far beyond basic tracking. It quietly uploaded everything from text messages and photos to real-time location data and ambient audio, all without the victim's knowledge. A recently discovered security flaw exposed the app's entire customer database, including more than 62,000 email addresses and passwords used by those who installed the spyware. The breach also revealed stolen data from 26,000 victim devices, many located in Mexico, Colombia, India, and other countries in Latin America and South Asia. Catwatchful relied on physical access to install, allowing it to bypass app store scrutiny. Once active, it was virtually invisible to the user, with a hidden backdoor code to bring it up only when prompted. The app also tapped into device microphones and cameras, pushing the limits of what 'monitoring' software should be allowed to do. And while the app's victims never saw it coming, the breach also compromised the operation's creator. The database exposed the identity of the developer behind the spyware, linking him directly to the stolen data and Firebase servers hosting it. Attempts to reach him have gone unanswered. Google, alerted to the breach, said it has added new protections to detect Catwatchful with Play Protect, its built-in Android security scanner. But as of now, the app's backend remains active. Catwatchful is just the latest in a troubling trend. Several stalkerware tools have leaked or been hacked this year, reinforcing how insecure and invasive these apps truly are. While marketed as parenting tools, many of them enable covert surveillance in relationships or workplaces, crossing legal and ethical lines. 
Android users can check for Catwatchful by dialing 543210 into the phone app. If it appears, it's installed, and it's time to remove it. In a tech-driven world, the promise of safety often comes with a hidden cost. With Catwatchful exposed, it's clear that in the age of smartphones, the line between protection and intrusion isn't always where you think it

Android 'Safety' App Was Actually Spying on People for Years first appeared on Men's Journal on Jul 3, 2025


Tom's Guide
03-07-2025
Catwatchful child monitoring app is actually spyware that leaked user data online — how to stay safe
Catwatchful is an app that claims to be a 'child monitoring app' but is, in actuality, a spyware app that acts invisibly on phones to send a victim's data back to a dashboard viewable by the person who downloaded it. Also called 'stalkerware', this app experienced a data breach via a security flaw that exposed both the email addresses and passwords of thousands of customers – and the phone data of thousands of victims. Security researcher Eric Daigle reported in a blog post that a vulnerability revealed the spyware app's full database of email addresses and plaintext passwords for more than 62,000 customers and phone data from 26,000 victims. Additionally, as reported by TechCrunch, the administrator of the Catwatchful operator was also exposed in the breach. The compromised devices were from (in order of victim numbers) Mexico, Colombia, India, Peru and Argentina among others. The Catwatchful app uploads a victim's phone contents to a dashboard, which is viewable by the person who secretly installed the app. This includes a concerning amount of data such as photos, messages, access to front and rear cameras, microphone access and real-time location data. This presents an obvious security risk to the victim – stalkerware and spyware apps are non-consensual surveillance apps that are frequently used against domestic and romantic partners in ways that violate laws, which is exactly why these types of apps are banned and need to be downloaded by someone who has direct physical access to the phone. Catwatchful is not the first spyware app to suffer a data breach; according to TechCrunch, it's at least the fifth this year – a clear indication that consumer-grade spyware offerings are spreading more widely even though what they are offering is 'shoddy coding and security failings that expose both paying customers and unsuspecting victims to data breaches.' 
According to Daigle, the Catwatchful API was unauthenticated, which is what allowed anyone on the open internet to interact with the user database without a login; the whole database of email addresses and passwords was exposed. While the API was briefly taken down, it was then back up again. Google is apparently investigating the Firebase involvement but has added protections that enable Google Play Protect to alert users when it detects Catwatchful spyware or its installer on a user's phone. Catwatchful claims it cannot be uninstalled; however, there are still things that can be done. First, as with any spyware or stalkerware, have a safety plan in place. Disabling this type of software can potentially alert the person who installed it in the first place, so always protect yourself first. If you're looking for additional resources, you might want to contact the Coalition Against Stalkerware. Android users who suspect they have Catwatchful installed can dial 543210 on their device's keypad and hit call. If it's installed, it should appear on the screen. This code is a backdoor feature to regain access to the settings once the app has been hidden, but it also shows if the app is installed, so if you use it you may also ping the person who installed it. Next steps: Make sure Google Play Protect is enabled, and check the permissions sections of your phone. If you don't recognize the apps that have permissions, that should be a clear warning sign, particularly for accessibility services. Check your Android device's app list and remove anything you didn't approve or don't recognize. Also make sure you have a lock screen enabled and protect your accounts using two-factor authentication whenever possible to prevent anyone from accessing them easily. For added security, the best Android antivirus apps can help provide you with additional protection like a VPN and identity theft protection. 
Spyware and stalkerware are very real threats that need to be taken extra seriously as they typically aren't installed on your phone by hackers but by someone you know. This breach is certainly concerning for those affected by it but it also serves as a wakeup call and a reminder of the threat posed by these types of apps.


India Today
03-07-2025
Stealth app Catwatchful caught spying on thousands of phones, leak reveals emails, passwords and its own admin
A stealth app called Catwatchful has allegedly been caught in its own trap after a major security flaw exposed sensitive data of both its users and victims. The app, which disguises itself as a child-monitoring tool, has been silently stealing data from thousands of Android phones – including photos, messages, location details, and even live audio from microphones and cameras. But a newly discovered vulnerability has turned the tables. Canadian security researcher Eric Daigle found that Catwatchful's database was completely exposed online due to a misconfigured, unauthenticated API. This meant that anyone could access sensitive data, including the email addresses and plain-text passwords of over 62,000 customers, along with private phone data from more than 26,000 victims. The majority of affected devices were located in countries like India, Mexico, Colombia, Peru, Argentina, Ecuador, and Bolivia. The exposed data includes records stretching back as early as 2018. In a blog post, Daigle explained that Catwatchful operates by being manually installed on a victim's device by someone with physical access – often a romantic partner or family member – making it a form of stalkerware. Daigle's investigation also revealed that Catwatchful used Google Firebase to host stolen data, like users' photos and real-time audio recordings. Upon being alerted, Google said it had added Catwatchful to its Play Protect tool to warn Android users of the spyware. The breach didn't just expose victims, it also revealed the identity of Catwatchful's operator. The developer behind the spyware was identified as Omar Soca Charcov, a software engineer residing in Uruguay, according to a report by TechCrunch. Charcov's details, including his personal email, phone number, and even the Firebase web address used to store stolen data, were found in the database. Charcov's LinkedIn profile used the same email address found in the spyware data, as per the report. 
He reportedly also linked his personal email account to the administrator account for Catwatchful, making it easy to trace him as the operator. Following the discovery, Daigle informed the hosting provider for Catwatchful's API, which briefly suspended the spyware's services. However, the API later returned via HostGator. Google is apparently reviewing whether Catwatchful violated its Firebase terms, but at the time of writing the story, the app's database remains online.


Time Business News
28-06-2025
Advanced Features That Influence Flutter App Development Costs
Let's be real—when you're planning an app, the word 'features' gets thrown around a lot. 'We want a chat feature,' 'Can we add push notifications?' or the classic startup line: 'It should work offline too, obviously.' Sounds simple, right? Well… not quite. The truth is, every feature you dream up for your Flutter app is a decision that echoes in code complexity, development time, backend infra, and, yes—cost. And while Flutter does make it faster to build beautiful, cross-platform apps, the features you pack into it still determine how deep your pockets need to be. Now, here's the good news: Flutter is arguably one of the most efficient ways to ship feature-rich apps without losing your mind (or your entire budget). It's flexible, fast, and wildly developer-friendly. But even with all that going for it, some features are simply more 'expensive' than others—not just in terms of money, but also time, testing, and long-term maintenance. In this blog, we're going to unpack the advanced Flutter app development service features that most directly impact your app's cost. And we're not talking about generic fluff here—we're diving into the ones that show up again and again in real client projects, MVP launches, and scaling apps. Whether you're a founder, product manager, or just someone obsessing over your app idea on a whiteboard, this is your no-BS guide to understanding the features of Flutter app development that move the budget needle. Let's break it down. In today's app world, users expect things to happen the moment they tap. Whether it's live chat, food delivery tracking, or collaborative features like shared whiteboards—real-time interactions are no longer a bonus. They're baseline expectations. But building for real-time isn't just about speed. Behind that seamless experience is a layer of complexity: WebSockets or Firebase for live data sync, managing state across screens, and ensuring things still behave when network conditions are poor. 
These features aren't hard to implement with Flutter, but they're definitely not plug-and-play either. Real-time chat in a customer support flow? That requires backend logic, message queues, delivery receipts, and presence detection. Live tracking in a logistics app? You're looking at continuous location updates, battery optimization, and permission handling. Each one may look simple on the front end, but they add significantly to backend integration, testing scope, and maintenance overhead. Among the most common Flutter app development features, real-time functionality is a major driver of cost. It demands precision—both in how it's built and how it's scaled. The bottom line? Only go real-time if your users absolutely need it. Because once it's in, it sets the bar. And expectations only go up from there. Offline functionality seems like a no-brainer—especially in regions where internet access isn't always reliable. But what sounds simple ('make it work without internet') is anything but. When users go offline, your app needs to store data locally, track what's changed, and sync it back to the server once they reconnect. That's not just a matter of caching a few screens. It means building out conflict resolution logic, version control, and edge-case handling for half-synced data. Flutter does support local databases like Hive or SQLite, and pairing that with tools like Firebase can help—but even then, offline mode requires careful planning. The app has to be smart enough to queue user actions and play them back correctly later. This feature is especially common in field service apps, travel tools, and education platforms—anywhere users might go offline but still need to interact with content. Among all features of Flutter app development, offline mode is one of the most underestimated in terms of effort and cost. It requires backend coordination, extra testing scenarios, and UX safeguards to avoid user confusion. 
If offline access is essential to your app's success, it's worth investing in. But know this: it's not a fallback—it's a full feature. Flutter is known for its beautiful UI, and a big reason is its animation capabilities. You can animate just about anything—from subtle button hovers to complex onboarding sequences. And that's exactly where things get tricky. The more custom your animations are, the more effort they demand. That includes design time, dev time, and performance optimization. Animations need to be smooth across devices and screen sizes, which means constant testing and fine-tuning. Clients often assume animations are a 'nice-to-have' that won't affect the timeline. But in reality, even one animated screen can add days to a sprint. For example, an animated shopping cart interaction or a transition-heavy onboarding flow involves gesture detection, animation controllers, and memory-efficient asset handling. Of all Flutter development features, custom animations are the ones most likely to stretch scope without warning. They don't just add visual polish—they add engineering weight. That doesn't mean you should avoid them. When done right, animations elevate the user experience and make apps feel polished. Just don't underestimate the effort they bring. In the end, a slick animation costs more than it looks. Monetizing your app with in-app purchases sounds straightforward—until you dive into the details. Whether you're selling premium content, offering subscriptions, or unlocking features, there's a lot more to it than just adding a 'Buy Now' button. First, there's platform compliance. Both Apple and Google have their own in-app purchase (IAP) systems, each with strict rules, fee structures, and approval processes. You can't just use any payment gateway for digital goods—you have to play by their rules, and that means using their APIs. Then there's backend logic. 
You'll need to validate purchases, handle auto-renewals, manage refunds, and sync user entitlements across devices. Flutter does offer plugins to help—like in_app_purchase—but integrating them properly still takes time, especially when building subscription models. This is one of those Flutter app development features that sounds small but affects nearly every layer: UI, backend, testing, and long-term maintenance. It also adds extra effort around user account systems, since you'll need to track who owns what and for how long. If recurring revenue is core to your app, then yes, it's worth the complexity. But from a cost perspective, it's not a 'just add it in' kind of task. Everyone wants a 'smart' app these days. Whether it's a chatbot that can answer questions, a recommendation engine that personalizes content, or a voice assistant that responds naturally—AI is no longer futuristic. It's expected. Flutter apps can absolutely integrate AI features. You can connect to APIs like OpenAI, Gemini, or use Firebase ML Kit to bring intelligence into your app. But here's the catch: while the interface can stay clean, the logic behind AI features is anything but simple. Take a chatbot, for example. It's not just about sending and receiving messages—you need to manage conversation state, contextual memory, fallbacks, and potentially fine-tuned models. A recommendation engine? That means tracking user behavior, storing preferences, and running inference either on-device or via the cloud. The cost impact of AI features depends on how deeply you want to go. If you're using ready-made APIs, it's faster to ship but still requires integration effort and often comes with usage-based pricing. If you're training your own models or handling complex workflows, the effort jumps quickly. Among all features impacting Flutter app development cost, AI sits in a category of its own. It's powerful, exciting, and valuable—but definitely not lightweight. 
If it adds clear value to the user experience, go for it. Just don't assume AI = easy. Adding support for multiple languages seems like a thoughtful, global-minded feature—and it is. But as with most things in app development, it gets complicated fast. Translating labels is just the start. Real localization involves adapting date formats, currency symbols, units of measurement, text direction (for RTL languages like Arabic or Hebrew), and even visuals or layouts to match regional norms. The deeper you go, the more effort it takes. In Flutter, the intl package makes basic localization easier, but you'll still need a structured way to manage strings, handle fallback languages, and keep translations updated as the app evolves. It's not just a technical task—it often involves coordination with translators, linguists, or external services. For apps in sectors like education, travel, healthcare, or finance—where audience reach spans geographies—multi-language support is often essential. But it's one of those Flutter development features that multiplies the testing effort significantly. Every screen, flow, and interaction has to be verified across all supported languages. Localization adds polish and reach—but from a development standpoint, it adds layers. Plan for it early if you want to do it well. One of the reasons people love Flutter is the rich ecosystem of plugins. Need to add payments, maps, analytics, or authentication? There's probably a package for that. But here's what often gets overlooked: not all third-party integrations are created equal. Many plugins work well for simple use cases, but once your app needs deeper customization—or when the plugin hasn't been updated in a while—you may end up spending more time fixing things than if you built the integration from scratch. And when plugins break across iOS or Android updates, the maintenance cost becomes very real. 
Integrations with services like Stripe, Razorpay, Firebase, or Salesforce can seem straightforward, but if you're dealing with non-standard APIs, poorly documented endpoints, or strict compliance rules, the dev time adds up. And if you need offline fallback or background sync? That's additional complexity. This is one of those features impacting Flutter app development cost that feels deceptively small during planning. The truth is, the more integrations you add, the more external dependencies you have to manage—and test. Third-party plugins can absolutely speed up development, but only if they're reliable, actively maintained, and well understood by your dev team. Otherwise, they're just shortcuts that loop you back to square one. Often treated as an afterthought, admin dashboards are one of the most quietly complex Flutter app development features—especially when they're built custom. These panels control user data, content moderation, app settings, payments, and analytics. They aren't just 'backend views'—they're full apps of their own. Some teams try to skip this and manage things manually through databases or spreadsheets. That works for a while—until growth kicks in, or user behavior needs monitoring, or new permissions are required. With Flutter Web, you can technically build the dashboard using the same codebase, which is a big win. But it still requires proper routing, role-based access, data visualization, and sometimes third-party integrations like Stripe or Firebase Admin SDKs. So while dashboards aren't flashy, they're powerful. And they definitely impact development cost, testing scope, and long-term scalability. If your app will need internal controls or team-based workflows, plan this in from day one. It's not a bolt-on—it's a backbone. Building a feature-rich Flutter app doesn't have to be overwhelming. The real challenge isn't choosing how many features to include—it's choosing the right ones. 
Every advanced feature we've covered—real-time sync, offline mode, subscriptions, AI, animations, localization, third-party integrations—can bring real value. But they also come with real cost, both in terms of development effort and long-term complexity. That's why the smartest product teams don't just chase features—they chase end-product viability. They focus on aligning every feature with a business goal, a user behavior, or a market need. It's never about how much you can pack in—it's about what actually moves the needle. Agencies like Flutternest, who specialize in Flutter app development, often work with startups and growth-stage companies to make these decisions early—before features become expensive detours. That kind of clarity at the planning stage can mean the difference between a bloated app and a focused, high-performing product. Flutter gives you flexibility and power. But it's the intent behind your features that defines whether your app truly succeeds. So as you build, don't just ask what your app should do—ask why each feature belongs. That's where great apps begin.