Fraudulent “Call History” Apps Scam Millions of Android Users

Over 7.3 million Android users have fallen victim to a sophisticated scam involving apps falsely claiming to provide call records for any phone number. The fraudulent apps, collectively dubbed “CallPhantom” by security researchers, were recently discovered and removed from Google Play after being reported to Google through the App Defense Alliance partnership.

The scam apps purported to offer access to call histories, SMS records, and even WhatsApp call logs for any phone number—a technically impossible claim that nonetheless lured curious users into paying subscription fees ranging from €5 to as much as $80.

“These apps preyed on people’s curiosity about private information,” explained the research team that uncovered the scam. “What victims received after payment was nothing but randomly generated fake data with no connection to the requested phone number.”

The investigation identified 28 fraudulent apps operating under various names, with the most popular—”Call history: any number deta”—accumulating over 3 million downloads before its removal. Most apps targeted users in India and the broader Asia-Pacific region, featuring India’s +91 country code preselected and supporting UPI, a payment system widely used in India.

Despite accumulating thousands of negative reviews from users who realized they’d been scammed, the apps continued to attract victims, possibly through fake positive reviews and clever marketing.

Analysis revealed two main types of CallPhantom apps. The first type contained hardcoded names and templates in their code, combining these with randomly generated phone numbers to display as partial “results.” To view the supposed full history, users had to pay. The second type asked users to enter an email address where the “retrieved” call history would supposedly be delivered—but only after payment.

The researchers noted that the apps employed increasingly deceptive tactics to extract payment from users. Some displayed fake notification alerts styled as new emails claiming that call history results had arrived, directing users straight to payment screens when clicked.

Particularly concerning was how many of these apps circumvented Google Play’s official billing system. While some used Google’s legitimate subscription services, others pushed users toward third-party payment apps or direct credit card entry forms—violations of Google Play’s payment policies that complicated refund efforts for victims.

“When apps sidestep Google’s billing system, users lose important consumer protections,” a cybersecurity expert explained. “Google can’t process refunds for payments made outside their system, leaving victims dependent on external payment providers or the scammers themselves.”

For users who purchased subscriptions through Google’s official billing system, Google has automatically canceled existing subscriptions following the apps’ removal. These users may be eligible for refunds depending on the time since purchase and other factors outlined in Google’s refund policy.

The CallPhantom scam highlights the ongoing challenge of vetting app legitimacy even within official app stores. Security experts recommend users be skeptical of apps claiming to access information that would normally require special permissions or authority, especially when such access would violate privacy laws or technical limitations.

“No app can legally or technically access call records for random phone numbers,” the research team emphasized. “These claims should immediately raise red flags for potential users.”

The case serves as a reminder that even apps with millions of downloads can be fraudulent, and that curiosity about others’ private information can lead consumers into costly traps designed by scammers.