ESET flags 28 fake call-log apps on Google Play

By AI, Created 5:07 PM UTC, May 18, 2026, /AGP/ – ESET says 28 fraudulent Android apps on Google Play tricked users into paying for fake call history, SMS and WhatsApp logs, with more than 7.3 million downloads in total. Google removed the apps after ESET reported them, but some users who paid outside Google Play may still need to seek refunds from their payment providers.

Why it matters: - The scam turned a simple search for call logs into a pay-to-lose scheme for millions of Android users. - The apps targeted users in India and the wider Asia Pacific region, where UPI and India’s +91 country code made the fraud look familiar and credible. - Payments made outside Google Play may be hard to reverse, leaving some users with no easy refund path.

What happened: - ESET Research uncovered 28 fraudulent apps on Google Play that claimed to provide call history for any phone number. - ESET named the cluster CallPhantom after the apps’ false promises. - The apps also claimed to show SMS records and WhatsApp call logs. - ESET reported the findings to Google as an App Defense Alliance partner. - Google removed all of the apps identified in ESET’s report from Google Play.

The details: - The apps asked users to pay before unlocking the supposed feature. - The apps returned randomly generated data instead of real records. - ESET researcher Lukáš Štefanko said the app analyzed after a November 2025 Reddit post generated random phone numbers and paired them with fixed names, call times and call durations embedded in the code. - The apps used simple interfaces and did not request intrusive or sensitive permissions. - The apps had no functionality capable of retrieving actual call, SMS or WhatsApp data. - Many of the apps came with India’s +91 country code preselected. - The apps supported UPI, a payment system used primarily in India. - ESET said the 28 apps had more than 7.3 million cumulative downloads. - Researchers saw three payment methods across the apps. - Two of those payment methods violated Google Play’s payments policy. - Some apps used subscriptions through Google Play’s official billing system. - Others used third-party payments. - In some cases, the apps included payment card checkout forms directly inside the app. - The fees varied across the apps. - The highest requested price was US$80. - The lowest subscription tier averaged €5. - Subscriptions bought through Google Play can be canceled. - Existing subscriptions tied to the 28 removed apps were canceled when Google pulled the apps from Google Play. - Some Google Play purchases may be eligible for refunds. - Payments made outside Google Play cannot be canceled by Google. - Google also cannot issue refunds for those outside payments. - Users who paid outside Google Play must contact their payment provider. - ESET pointed readers to its blog post, Fake call logs, real payments: How CallPhantom tricks Android users, for more details.

Between the lines: - The scam relied on curiosity and trust rather than malware-style permission abuse. - The low-friction design may have helped the apps reach a broad audience before removal. - The payment split is important because Google’s billing system offers more user protection than outside checkout flows. - The fraud appears built to monetize false utility, not to collect real device data.

What’s next: - Users who installed any of the removed apps should check for active subscriptions and review recent charges. - Anyone who paid outside Google Play should contact the relevant payment provider as soon as possible. - ESET said readers can follow its research updates on X, BlueSky and Mastodon.

The bottom line: - CallPhantom shows how fake utility apps can still generate real losses, even without stealing personal data.