Fake call history apps on Google Play tricked users into paying for made-up data


Fake Android apps on Google Play tricked users into paying for call history, SMS, and WhatsApp log data that they could never actually provide. ESET researchers tracked the scam as CallPhantom and found 28 related apps with more than 7.3 million combined downloads before Google removed them.

The apps promised to show the call history of any phone number. In reality, they generated fake communication records and asked users to pay to unlock more fabricated results.

The campaign mainly targeted Android users in India and the broader Asia-Pacific region. Many apps came with India’s +91 country code already selected, and several supported UPI payments, making the scam look more familiar to local users.

How the CallPhantom apps fooled users

The apps used a simple hook: curiosity. A user entered a phone number, saw what looked like partial call history data, and then received a prompt to pay for the full result.

ESET found that the data shown by the apps was not real. Some apps used hardcoded names, country codes, call times, and templates in their code, then mixed them with randomly generated phone numbers.

Other apps asked users to enter an email address and claimed the call history would arrive there after payment. The apps still had no real ability to retrieve private call logs, SMS records, or WhatsApp data from another person’s device.

At a glance

| Detail | What happened |
| --- | --- |
| Scam name | CallPhantom |
| Apps found | 28 fraudulent Android apps |
| Platform | Google Play |
| Downloads | More than 7.3 million combined downloads |
| Main claim | Access to call logs, SMS records, or WhatsApp call history for any number |
| Actual result | Fake data generated from hardcoded templates and random numbers |
| Primary target region | India and the broader Asia-Pacific region |

Why the apps looked convincing

The fake apps did not need suspicious permissions to run the scam. That made them appear safer than many malicious Android apps, because they did not ask for deep access to contacts, messages, or call logs.

This was part of the trick. Since the apps never intended to retrieve real data, they did not need the permissions a real call-log tool would require.

Some Play Store listings also included screenshots that appeared to show call history results. ESET said those screenshots displayed fabricated logs created from hardcoded data.

Payment methods made refunds harder

ESET found three payment methods across the apps. Some used Google Play’s official billing system, which gave users a clearer path to manage subscriptions and request refunds.

Other apps pushed users toward third-party UPI payments. In those cases, payment URLs were either hardcoded inside the app or fetched from a Firebase real-time database, which allowed operators to change receiving accounts.

A third group embedded card checkout forms directly inside the app. ESET said the latter two payment methods violated Google Play’s payments policy and made refunds more difficult for victims.
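The two observations above (no sensitive permissions, and payments routed outside Google Play billing) suggest a triage check that looks at listing claims and payment strings rather than permissions alone. The following is an added example, not ESET's tooling or code from the apps; the finding names, regexes and sample inputs are assumptions made for illustration.

```python
import re

# Listing text that promises someone else's records for an arbitrary number.
CLAIM_RE = re.compile(
    r"(call (history|log)s?|sms|whatsapp).{0,40}\bany (phone )?number", re.I | re.S)
# Permissions needed to read even the local device's own call log or SMS.
DATA_PERMS = {"android.permission.READ_CALL_LOG", "android.permission.READ_SMS"}
UPI_RE = re.compile(r"upi://pay\?", re.I)                       # UPI payment deep link
RTDB_RE = re.compile(r"https://[\w-]+\.firebaseio\.com", re.I)  # Firebase Realtime Database
PLAY_BILLING = "com.android.billingclient"                      # Play Billing Library package


def permission_risk(permissions):
    """What a permission-only review sees: count of sensitive data permissions."""
    return len(DATA_PERMS & set(permissions))


def triage(listing, permissions, strings):
    """Return sorted finding codes from listing text, manifest permissions, APK strings."""
    findings = set()
    blob = "\n".join(strings)
    if CLAIM_RE.search(listing):
        findings.add("IMPOSSIBLE_CLAIM")
        if permission_risk(permissions) == 0:
            findings.add("NO_DATA_PERMISSIONS")  # not even local call-log/SMS access
    if UPI_RE.search(blob):
        findings.add("UPI_DEEP_LINK")            # payment routed outside Play billing
    if RTDB_RE.search(blob) and PLAY_BILLING not in blob:
        findings.add("REMOTE_PAYMENT_CONFIG")    # heuristic only, needs manual review
    return sorted(findings)


# Constructed samples, not taken from any real app.
SCAM = dict(
    listing="Get call history of any number. SMS and WhatsApp call details too.",
    permissions=["android.permission.INTERNET"],
    strings=["upi://pay?pa=payee@examplebank&pn=Example&am=499",
             "https://example-app-default-rtdb.firebaseio.com/"],
)
BENIGN = dict(
    listing="Back up your own call log to your cloud account.",
    permissions=["android.permission.READ_CALL_LOG"],
    strings=["com.android.billingclient.api.BillingClient"],
)

if __name__ == "__main__":
    for name, app in (("scam", SCAM), ("benign", BENIGN)):
        print(name, permission_risk(app["permissions"]), triage(**app))
```

The constructed scam sample scores lower on permissions than the benign backup app, which is why permission-based review alone would not have flagged it.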

How the apps kept pressuring users

Some apps used extra pressure after users left without paying. In one case, ESET observed deceptive notifications styled like email alerts, claiming that call history results had arrived.

When users tapped the notification, the app sent them back to a subscription screen. This kept the scam active even after someone had already closed the app.

The subscription prices varied across the apps. ESET said packages included weekly, monthly, and yearly options, with the highest requested price reaching $80.

What users should do now

  • Delete any app that claims it can show call history for any phone number.
  • Cancel related subscriptions from the Google Play Store if the payment went through Google Play billing.
  • Request a refund through Google Play if the purchase meets Google’s refund rules.
  • Contact the payment provider or card issuer if the payment happened outside Google Play.
  • Check recent UPI and card transactions for unknown charges.
  • Turn on Google Play Protect and run a scan.
  • Avoid apps that promise access to someone else’s private messages, call logs, or WhatsApp data.

Why this scam matters

CallPhantom shows that fraudulent apps can cause financial damage without requesting sensitive permissions or installing classic malware. The apps sold a fake service and used normal-looking interfaces to make the scam seem legitimate.

The campaign also highlights the risk of trusting app store listings too quickly. A large download count, polished screenshots, or positive reviews do not always prove that an app works as advertised.

Users should treat any app claiming to reveal another person’s private communication history as a red flag. Legitimate Android apps cannot simply retrieve call logs, SMS records, or WhatsApp call history for any random number.

FAQ

Can an Android app show the call history of any number?

No legitimate app can retrieve another person’s private call logs, SMS records, or WhatsApp history just from a phone number.

What is CallPhantom?

CallPhantom is the name ESET gave to a cluster of fraudulent Android apps that claimed to reveal call logs, SMS records, and WhatsApp call history for any phone number.

Were the CallPhantom apps on Google Play?

Yes. ESET said it found 28 CallPhantom apps on Google Play. Google removed the reported apps after ESET disclosed its findings.

Did the apps show real call history data?

No. The apps showed fabricated data created from hardcoded templates, fixed names, generated timestamps, and random phone numbers.
