Mastodawn

Cerberus is one of the longest-running stalkerware apps on Android.

We reverse-engineered their ecosystem to document how it operates, and why Google must remove it from the Play Store, stop monetizing it through AdMob, and stop hosting the Firebase Cloud Messaging that runs its C2.

tl;dr https://hexproof.dev/datagrams/cerberus-on-play/

deep dive https://hexproof.dev/datagrams/cerberus-stalkerware-re/

#reverseengineering #android #stalkerware

Cerberus is stalkerware. Google Play hosts it.

Cerberus on Google Play: €5/month buys silent camera, microphone, GPS, and SMS access on a victim's phone. Researchers reported it to Google as intimate-partner-violence spyware in 2018; Google removed it later that year on an unrelated policy and relisted it in 2023. Google AdMob pays the developer; Google Firebase hosts the command-and-control backend.

hexproof

hexproof Apr 10

Hello world, I'm @eslerm and will be posting about security and systems performance on @hexproof

My first post compares the recently leaked Claude Code source code with other harnesses:

https://hexproof.dev/datagrams/fossil-record-harness-engineering/

The Fossil Record of Harness Engineering

How Claude Code, Aider, Cursor, Windsurf, and Copilot engineer the systems around their models — and what the architecture reveals about each team's priorities. From source code and leaked prompts.

hexproof