28 Fake Android Apps Downloaded by 7.8 Million Indians Removed From Google Play Store After Major Scam Exposed

In reality, these apps delivered completely fabricated data while charging users for subscriptions.

The apps falsely promised to reveal private call histories, SMS records, and WhatsApp call logs of any phone number.

Despite Google’s attempt at cutting down on spam apps with cutting-edge technology on the Play Store, a security research firm has now found almost 28 fraudulent apps that were downloaded by over 7.8 million Indians. The apps, which tricked users by promising features like fake call and WhatsApp records, were found to be fraudulent ones, leading Google to eventually delete them from the Play Store.

The apps falsely promised to reveal private call histories, SMS records, and WhatsApp call logs of any phone number. In reality, these apps delivered completely fabricated data while charging users for subscriptions.

While Google failed to uncover the campaign, security research firm ESET uncovered the fraud and named it “CallPhantom”. The investigation started after researchers noticed suspicious apps on the Play Store, including one published under the misleading developer name “Indian gov.in”.

How the scam campaign worked on Google Play

These 28 fraud apps claimed in their description that they could fetch detailed call logs, messages, and even WhatsApp activity for any number entered by the user. In reality, though, the data shown was entirely fake, i.e., random phone numbers paired with hardcoded names, durations, and timestamps stored inside the app’s code.

ALSO READ

Nothing Phone 4a Pro Review: Stylish Design, Smooth Performance & Solid Battery Life

Users were lured with a preview and then prompted to pay for a subscription to “unlock” full results. Subscription prices ranged from around €5 to as high as $80 per year. Many apps had India’s +91 country code pre-selected and supported UPI payments, making them especially attractive to Indian users.

Many popular apps reached 1 million or 500,000 downloads each.

Google took action after the report

ESET reported the 28 scam apps to Google on December 16, 2025. All of them have since been removed from the Google Play Store, thus preventing distribution via the official Android app store. Google has also cancelled active subscriptions made through its billing system and issued refunds where applicable.

Users who paid through third-party methods may need to contact their banks or payment providers directly for refunds.

ALSO READ

Google’s New QR reCAPTCHA Explained: Why Privacy-Focused Android Users Could Get Blocked

What to do if you have these apps downloaded

Cybersecurity experts from ESET warn that curiosity-driven apps, promising access to the private data of others, are almost always scams. No legitimate app can legally or technically retrieve someone else’s personal call records or WhatsApp data in this manner. ESET researchers advised Android users to:

• Stick to well-known apps with high ratings and genuine reviews.
• Be extremely cautious of apps claiming to show “any number” data.
• Regularly review and cancel suspicious subscriptions in their Google Play account.