28 Fake Call History Apps Exposed as Scams on Google Play
A group of 28 fraudulent applications, collectively dubbed "CallPhantom," has been unmasked as subscription scams on Google Play. The apps, which amassed over 7.3 million downloads, generate phony call history logs instead of accessing real phone records. Security researchers from ESET, the cybersecurity firm that uncovered the scheme, highlighted that several of these apps even avoided Google’s official billing system, making it harder for victims to secure refunds.
The Operations of CallPhantom
The apps promoted services that are fundamentally impossible to deliver: they claimed to offer comprehensive call histories, SMS records, and even WhatsApp call logs for any phone number provided by the user. One notable application, titled "Call History of Any Number," was published under the developer name "Indian gov.in," leading users to think it was affiliated with a governmental entity. This deceptive tactic was just one facet of the apps’ broader strategy to lure unsuspecting users.
Upon installation, these apps prompt users to input a target phone number and subsequently lock the purported results behind a paywall. This paywall often takes the form of weekly, monthly, or annual subscription fees, effectively trapping users into paying for nonexistent services.
ESET’s investigation revealed that the “results” screens displayed by these apps were entirely fabricated. The output was generated using hardcoded templates and random number generators rather than any legitimate backend processes. In one cluster of applications, the code utilized fixed lists of names, country codes, timestamps, and call durations. These were combined with randomly generated numbers and then shown to users as partial "sample" records, essentially baiting them into paying for full access to a fabricated call history.
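One way an analyst could test for this fixed-list-plus-random-number pattern from the outside, as an added example (not ESET's tooling and not code from the apps): compare the "sample" rows shown for unrelated target numbers and measure how much each field repeats. The rows, names, numbers and thresholds below are constructed assumptions.

```python
from itertools import combinations

FIELDS = {"name": 0, "number": 1, "timestamp": 2, "duration": 3}

# Constructed sample data: "sample" rows as an analyst might transcribe them from
# the results screens for three unrelated target numbers. Not from any real app.
OBSERVED = {
    "target-A": [
        ("Rahul", "+91 5550100101", "2024-01-05 10:15", "02:31"),
        ("Priya", "+91 5550100102", "2024-01-05 18:40", "00:47"),
        ("Amit", "+91 5550100103", "2024-01-06 09:02", "05:12"),
    ],
    "target-B": [
        ("Priya", "+91 5550100204", "2024-01-05 10:15", "05:12"),
        ("Rahul", "+91 5550100205", "2024-01-06 09:02", "02:31"),
        ("Amit", "+91 5550100206", "2024-01-05 18:40", "00:47"),
    ],
    "target-C": [
        ("Amit", "+91 5550100307", "2024-01-05 18:40", "02:31"),
        ("Neha", "+91 5550100308", "2024-01-05 10:15", "00:47"),
        ("Rahul", "+91 5550100309", "2024-01-06 09:02", "05:12"),
    ],
}

def mean_overlap(results, field):
    """Mean Jaccard similarity of one field's values across every pair of targets."""
    idx = FIELDS[field]
    sets = [{row[idx] for row in rows} for rows in results.values()]
    pairs = list(combinations(sets, 2))
    if not pairs:
        raise ValueError("need results for at least two target numbers")
    return sum(len(a & b) / (len(a | b) or 1) for a, b in pairs) / len(pairs)

def looks_templated(results, shared=0.5, unique=0.1):
    """True when names, timestamps and durations repeat across unrelated targets
    while the counterpart numbers never do. Thresholds are assumed, not measured."""
    fixed = all(mean_overlap(results, f) >= shared
                for f in ("name", "timestamp", "duration"))
    return fixed and mean_overlap(results, "number") <= unique

if __name__ == "__main__":
    for f in FIELDS:
        print(f"{f:10s} overlap = {mean_overlap(OBSERVED, f):.2f}")
    print("templated:", looks_templated(OBSERVED))
```

Genuine call detail records for unrelated subscribers would not share contact names and exact timestamps, so high overlap in those fields alongside never-repeating numbers points to generated output.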
Deceptive User Engagement
In addition to misleading results, another variant of these apps requested users’ email addresses, promising to send a complete report to their inbox once a subscription was purchased. However, the generation of these fabricated logs only commenced after payment was made, leaving users with nothing but empty promises.
ESET’s analysis revealed that there were no network requests made to any telecom operator or messaging service — a clear indication that the apps could not access authentic call detail records. To further manipulate hesitant users, one app featured deceptive notifications that mimicked system alerts, suggesting that the user had received new emails confirming that their call history report was available. If the user attempted to exit the app without subscribing, these notifications were used to redirect them back to the subscription screen.
The apps primarily targeted users in India and the wider Asia-Pacific region: many had the +91 country code preselected and integrated UPI-based payment flows that are popular in this demographic. The marketing of these apps mixed blatantly false promises with well-crafted promotional content. The app listings also carried both fraudulent positive reviews and one-star ratings from disgruntled victims who received nothing but random data, creating a misleading narrative about the apps’ reliability.
Payment Mechanisms and User Vulnerability
ESET documented three primary payment pathways used across the 28 apps. Some apps complied with Google Play’s in-app billing policy, which gives users some standard subscription management options. Others circumvented these rules, directing users to pay via third-party UPI apps and via card-payment forms embedded directly within the app itself.
Given these deceptive strategies, victims who made payments outside Google’s standard framework would find it challenging to acquire refunds. The responsibility for seeking recourse would fall on the user’s shoulders, necessitating contact with their bank or card issuer.
In response to ESET’s findings, Google promptly removed all 28 of the identified CallPhantom apps from its Play Store. Subscriptions linked to these apps via Google Play billing have also been canceled. However, users who made payments via alternative methods face a daunting prospect. Google cannot process refunds for transactions that took place off-platform, so those users are left navigating the complexities of dealing with external payment providers.
Precautionary Measures
ESET has urged users to exercise extreme caution, advising against downloading any apps that claim to reveal call logs, SMS records, or messaging histories for arbitrary numbers. Legitimate access to such sensitive data is not possible through genuine consumer applications, and any such offers should be regarded as red flags indicating potential scams.
In this dynamic landscape of mobile applications, users must remain vigilant and informed to protect themselves from similar fraudulent schemes in the future. The CallPhantom scam serves as a stark reminder of the dangers posed by deceptive applications on popular platforms like Google Play, highlighting the need for comprehensive digital literacy among consumers.
