Andy Walker / Android Authority
TL;DR
- Researchers found dozens of fraudulent Google Play apps promising call, SMS and WhatsApp history for any number.
- The apps had more than 7.3 million combined downloads before Google removed them.
- The apps charged users and returned false data.
Google Play is supposed to be the safest place to get android appsBut not all apps in the store deserve your trust, especially if you’re looking for them for potentially nefarious purposes. A newly detailed scam shows how far a dodgy app can go before being stopped, with 28 apps on Google Play racking up more than 7.3 million downloads by promising access to other people’s call logs, SMS logs and WhatsApp call history.
Have you come across a scam ad on Android?
1076 votes
ESET researchers detailed the scam in a We LiveSecurity reportwhere they collectively refer to the applications as “CallPhantom”. The apps differed in appearance, but the trick was the same: you entered a phone number, paid to unlock the supposed communication records, and received fake data in return.
I don’t want to miss the best of Android Authority?
Researchers found that some apps generated random phone numbers and matched them with names and call details already included in the code. Others asked users for an email address to which the “recovered” history was supposed to be sent. Either way, ESET says the apps did not ask for intrusive permissions nor do they have any real ability to access the requested data.
Let’s not ignore the elephant in the room here. No one deserves to be scammed, but this is an unusual case where the bait itself was quite dodgy. The apps didn’t promise cheaper wallpapers or a better weather widget: They claimed to offer access to another person’s private communications history.
The payment side also complicated things. Some apps used the official Google Play billing system, potentially allowing some victims to claim refunds. But ESET says others pushed users toward third-party payment apps or direct card payment forms within the app. In one case, when users tried to exit the app, it displayed misleading new email-style alerts claiming that call history results had arrived and then sent users back to a subscription screen.
ESET reported the 28 apps to Google on December 16 and all had been removed from Google Play by the time the report was published. While sideloading may generate more criticism when it comes to protection against scams, we remember that the Play Store can still generateI have bad apps, a big audience. once they sneak in.
Thank you for being part of our community. Read our Comment Policy before publishing.
