The maker of a phone app that is promoted as offering a sneaky methods for keeping an eye on all activities on an Android gadget spilled e-mail addresses, plain-text passwords, and other delicate information coming from 62,000 users, a scientist found just recently.

A security defect in the app, branded Catwatchful, enabled scientist Eric Daigle to download a chest of delicate information, which came from account holders who utilized the hidden app to keep track of phones. The leakage, enabled by a SQL injection vulnerability, enabled anybody who exploited it to access the accounts and all information saved in them.

Unstoppable

Catwatchful developers stress the app’s stealth and security. While the promoters declare the app is legal and meant for moms and dads monitoring their kids’s online activities, the focus on stealth has actually raised issues that it’s being focused on individuals with other programs.

“Catwatchful is invisible,” a page promoting the app states. “It cannot be detected. It cannot be uninstalled. It cannot be stopped. It cannot be closed. Only you can access the information it collects.”

The promoters go on to state users “can monitor a phone without [owners] knowing with mobile phone monitoring software. The app is invisible and undetectable on the phone. It works in a hidden and stealth mode.”