The topic Scam Android apps on Google Play got millions of downloads from a creepy pitch is currently the subject of lively discussion — readers and analysts are keeping a close eye on developments.
This is taking place in a dynamic environment: companies’ decisions and competitors’ reactions can quickly change the picture.
Affiliate links on Android Authority may earn us a commission. Learn more.
Google Play is supposed to be the safer place to get Android apps, but not every app on the store deserves your trust, especially if you’re seeking them out for potentially nefarious purposes. A newly detailed scam shows how far a dubious app can go before it’s stopped, with 28 apps on Google Play racking up more than 7.3 million downloads by promising access to other people’s call logs, SMS records, and WhatsApp call history.
ESET researchers detailed the scam in a WeLiveSecurity report, where they collectively refer to the apps as “CallPhantom.” The apps differed in appearance, but the trick was the same: you entered a phone number, paid to unlock the supposed communication records, and received fake data in return.
The researchers found that some apps generated random phone numbers and paired them with names and call details already embedded in the code. Others asked users for an email address where the ‘retrieved’ history would supposedly be sent. Either way, ESET says the apps didn’t request intrusive permissions or have any real ability to access the requested data.
Let’s not ignore the elephant in the room here. Nobody deserves to be scammed, but this is an unusual case where the bait itself was pretty dubious. The apps weren’t promising cheaper wallpapers or a better weather widget — they claimed to offer access to another person’s private communication history.
The payment side also made things messier. Some apps used Google Play’s official billing system, potentially allowing some victims to claim refunds. But ESET says others pushed users toward third-party payment apps or direct card checkout forms inside the app. In one case, when the users tried to leave the app, it showed deceptive alerts styled like new emails that claimed the call history results had arrived, then sent users back to a subscription screen.
ESET reported the 28 apps to Google on December 16, and all of them had been removed from Google Play by the time the report was published. While sideloading might get more flak when it comes to scam protection, we’re reminded that the Play Store can still give bad apps a huge audience once they slip through.
Thank you for being part of our community. Read our Comment Policy before posting.