Andy Walker/Android Authority
TL;DR
- Researchers found dozens of fake Google Play apps that promised call, SMS and WhatsApp history for any number.
- The apps had more than 7.3 million combined downloads before they were removed by Google.
- The apps charged users and returned fake data.
Google Play is considered a safe place to get Android apps, but not every app on the store is worth your trust, especially if you’re looking for them for potentially nefarious purposes. In a new elaborate scam that shows just how far a shady app can go before it’s shut down, 28 apps on Google Play are racking up more than 7.3 million downloads by promising access to other people’s call logs, SMS records and WhatsApp call history.
Have you encountered any scam ads on Android?
1066 votes
ESET researchers detailed the scam in a WeLiveSecurity reportWhere they collectively refer to the apps as “Callphantom”. The apps differed in appearance, but the trick was the same: You entered a phone number, paid to unlock purported communication records, and received fake data in return.
Don’t want to miss the best of Android Authority?
The researchers found that some apps generated random phone numbers and combined them with names and call details already embedded in the code. Others asked users for an email address where the allegedly ‘recovered’ history would be sent. Either way, ESET says the apps did not request intrusive permissions or have any real ability to access the requested data.
Let’s not ignore the elephant in the room here. No one deserves fraud, but this is an unusual case where the bait itself was quite questionable. The apps weren’t promising cheaper wallpapers or better weather widgets – they claimed to provide access to another person’s private communication history.
The payment side also messed things up. Some apps used Google Play’s official billing system, potentially allowing some victims to claim refunds. But ESET says others pushed users toward third-party payment apps or directly to the card checkout form inside the app. In one case, when users tried to leave the app, it showed misleading alerts like a new email claiming call history results had arrived, then redirected users back to the subscription screen.
ESET reported 28 apps to Google on December 16, and all of them had been removed from Google Play by the time the report was published. Although sideloading may receive more criticism when it comes to protection from scams, we are reminded that the Play Store can still give bad apps a large audience once they slip through.
Thank you for being a part of our community. Please read our comment policy before posting.
