A researcher has discovered that the popular Android phone app Catwatchful leaked sensitive data of 62,000 users due to a SQL injection vulnerability. The app, which promises to be stealthy and secure for monitoring children’s online activities, actually allows anyone who exploits its flaw to access account holders’ personal information, including email addresses and passwords.
Source: https://arstechnica.com/security/2025/07/provider-of-covert-surveillance-app-spills-passwords-for-62000-users