Google Removes 28 Fraudulent Apps from Play Store After Millions of Downloads

Key Highlights

• Google removed 28 fraudulent Android apps from the Play Store
• The apps were linked to a scam campaign called CallPhantom
• They falsely claimed to reveal call history, SMS records, and WhatsApp call logs
• The apps were downloaded more than 7.3 million times before removal
• Many affected users were reportedly from India and the Asia-Pacific region

Introduction

Google has removed 28 fraudulent apps from the Play Store after cybersecurity researchers uncovered a large-scale scam targeting Android users. These apps promised users access to private call records, SMS details, and WhatsApp call history for any phone number—but in reality, they delivered fake information while charging users subscription fees.

The scam campaign, identified by cybersecurity firm ESET as CallPhantom, shows how digital fraud is becoming more polished and convincing. What looked like simple utility apps turned out to be carefully designed traps that played on users’ curiosity and privacy-related fears. (We Live Security)

What Was the CallPhantom Scam?

The fraudulent apps claimed they could show call logs, SMS records, and WhatsApp call history linked to a phone number. This kind of promise is already a major red flag because legitimate apps cannot legally provide another person’s private communication history.

According to ESET’s research, the apps generated fabricated data instead of real records. Users were shown fake phone numbers and made-up call details, creating the illusion that the service was working. (We Live Security)

How Many People Downloaded These Apps?

The 28 apps were downloaded more than 7.3 million times from the Google Play Store before being removed. Some reports noted that one app alone crossed millions of downloads, showing how quickly such scams can spread when they appear on trusted platforms. (The Hacker News)

The apps mainly targeted users in India and the wider Asia-Pacific region. Researchers found signs such as support for UPI payments and a preselected +91 country code, suggesting that Indian users were a key focus of the scam. (TechRadar)

How Did These Apps Trick Users?

The apps used a simple but effective method: they promised something people were curious about but should never expect from a legitimate app—access to someone else’s private call or message history.

Once users installed the app, they were pushed toward paid subscriptions. Some fees reportedly ranged from around $6 to $80. But after payment, users did not receive real data. Instead, the apps displayed fake records already embedded in the app code. (TechRadar)

Why This Is a Serious Warning for Android Users

This incident is not just about fake apps. It highlights a bigger problem: scammers are using professional-looking apps to exploit people’s curiosity, insecurity, or desire to monitor others.

Even though these apps did not behave like typical malware in every case, they still caused financial harm by charging users for fake services. Some apps also use third-party payment methods, which could make it harder for victims to obtain refunds. (We Live Security)

What Did Google Do?

After ESET reported the apps, Google removed all identified fraudulent apps from the Play Store. Reports also state that subscriptions handled through Google Play billing were cancelled and refunded, while users who paid through third-party payment methods may need to contact their payment providers for help. (TechRadar)

How to Stay Safe from Fake Apps

Before downloading any app, users should check whether its claims sound realistic. No genuine app can legally reveal another person’s private WhatsApp call logs, SMS history, or call records.

To stay safe:

• Avoid apps that promise access to someone else’s private data
• Check app reviews carefully, especially recent negative reviews
• Be cautious with apps asking for payment before showing results
• Use Google Play Protect and keep it enabled
• Prefer trusted apps from known developers
• Avoid third-party payment links inside suspicious apps

What Should You Do If You Installed One?

If you downloaded a suspicious call history or WhatsApp tracker app, uninstall it immediately. Then check your subscriptions in Google Play and cancel anything unfamiliar. Also review your bank, UPI, or card transactions for unexpected charges.

If you paid through Google Play, you can check refund options through your Google account. If you paid using another payment method, contact your bank or payment provider as soon as possible.

Conclusion

Google’s removal of 28 fraudulent apps is a strong reminder that not every app on a trusted platform is automatically safe. The CallPhantom scam shows how fraudsters can use curiosity and privacy concerns to make users pay for fake services.

The safest rule is simple: if an app claims it can reveal someone else’s private calls, messages, or WhatsApp records, don’t trust it. Real online safety begins with awareness before installation.

Frequently Asked Questions (FAQs)

1. Why did Google remove 28 apps from the Play Store?

Google removed them after researchers found they were fraudulent apps that claimed to provide call, SMS, and WhatsApp history but delivered fake data.

2. What is CallPhantom?

CallPhantom is the name given by ESET researchers to the scam campaign involving 28 fraudulent Android apps.

3. How many times were these apps downloaded?

The apps were downloaded more than 7.3 million times before being removed from Google Play.

4. Were Indian users affected?

Yes, reports suggest many affected users were from India and the Asia-Pacific region.

5. Can any app show someone else’s WhatsApp call history?

No. A legitimate app cannot legally provide another person’s private WhatsApp call logs or message history.

 

Read also: Free Apps Are Not Free – You Are the Product! 

 

Follow us on our:

Twitter | Instagram | Facebook | YouTube