Imagine paying for an app that promises to show you anyone's call history, you enter a phone number, you pay a subscription fee, and then the app shows you completely made-up names and numbers that mean absolutely nothing.
That is exactly what 28 fraudulent apps on the Google Play Store did, and collectively they tricked over 7.3 million Android users before Google finally removed them.
The Google Play fake call history apps scam was codenamed CallPhantom by cybersecurity company ESET, and the campaign primarily targeted Android users in India and the wider Asia-Pacific region.
What Did the Apps Promise?
The Google Play fake call history apps scam apps made bold claims, they said they could provide access to call histories for any phone number, SMS records, and even WhatsApp call logs, all you had to do was enter the target phone number and pay.
ESET security researcher Lukáš Štefanko explained that the offending apps purport to provide access to call histories, SMS records, and even WhatsApp call logs for any phone number, but to unlock this supposed feature users are asked to pay, and all they get in return is randomly generated data.
The Google Play fake call history apps scam apps had no real functionality whatsoever, they did not request any sensitive permissions, they did not actually retrieve any call or SMS data, and they could not possibly deliver what they promised because accessing someone else's call history without their permission is technically impossible on modern Android.
The Developer Name Trick
At least one of the Google Play fake call history apps scam apps was published under the developer name "Indian gov.in", and this was a deliberate attempt to build false trust.
Users saw "Indian gov.in" as the developer and assumed the app was officially endorsed by the Indian government, this trick likely drove thousands of additional downloads from unsuspecting users who thought they were using a legitimate government service.
The Google Play fake call history apps scam operators knew exactly what they were doing, government impersonation builds trust quickly, and trust leads to payments.
How the Scam Operated
The fake call log applications on Google Play utilized an intuitive operational workflow, which consisted of the following steps:
Step 1: Download the App: People were able to locate the Scam apps by conducting regular searches on the Play Store using common keywords such as "call history" or "information about phone numbers", and the Scam apps had fairly good user ratings with descriptions that appeared legitimate.
Step 2: Enter a Phone Number: The Scam App developers required users to input a phone number they wanted to research. This could have been their personal cell, a friend's number, or an unknown person's cell number.
Step 3: Hit a paywall. After entering a number, the Google Play fake call history apps scam apps demanded payment to "unlock" the call history details, subscription prices ranged from about 6to6to80 depending on the app.
Step 4: Receive fake data. Once the user paid, the Google Play fake call history apps scam apps generated entirely fabricated phone numbers and names that were hardcoded directly into the app's source code, no real data was ever retrieved.
The Exit Trick
Some Google Play fake call history apps scam apps used an additional psychological trick to pressure users into paying.
If a user attempted to exit the app without making any payment, the app displayed a deceptive notification claiming that a call history for the entered phone number had been successfully sent to their email address.
Curious users clicked the notification expecting to see the promised call history, but the Google Play fake call history apps scam notification instead took them directly to a subscription payment screen.
Payment Methods
The Google Play fake call history apps scam apps used three different payment methods.
Google Play billing: Some apps used the official Google Play Store subscription system, this method is legitimate and followed Google's policies, but it also made the scam harder to detect.
UPI payment apps: The Google Play fake call history apps scam also used third-party apps supporting Unified Payments Interface (UPI), which is widely used in India, and ironically this list included Google Pay, Walmart-backed PhonePe, and Paytm.
Direct card checkout: Some Google Play fake call history apps scam apps implemented payment card checkout forms directly inside the app, this method and the UPI method both violated Google's policies.
The 28 Apps and 7.3 Million Downloads
The Google Play fake call history apps scam included 28 distinct apps, and one of them alone accounted for over 3 million downloads.
The full list of identified apps includes names like:
1. Call history : any number deta
2. Call History of Any Number
3. Call Details of Any Number
4. Call History Any Number Detail
5. Phone Call History Tracker
6. Call History Pro
7. And 22 more with similar names
All 28 Google Play fake call history apps scam apps have since been removed from the Google Play Store, but the downloads had already happened, and many users had already paid.
Refund Situation
The Google Play fake call history apps refund situation will depend on the manner in which victims made their payments.
ESET explained that users who subscribed via official Google Play billing may be eligible for refunds under Google's refund policies, but purchases made via third-party payment apps or through direct payment card entry cannot be refunded by Google, leaving users dependent on external payment providers or the developers themselves.
If you paid through Google Pay, PhonePe, or Paytm, you need to contact those services directly, and if you entered your credit card information into a checkout form inside one of these apps, you should consider that card compromised.
Timeline of Activity
The Google Play fake call history apps scam appears to have been active since at least November 2025, and evidence suggests the operators were running this scheme for many months before ESET discovered it and Google removed the apps.
7.3 million downloads also occurred during that time period, but, even if only a small percentage of users who downloaded converted into a paid subscription, it still could potentially create millions of dollars in profits for the scammers.
How Did These Apps Get Through Google's Review Process?
There were several reasons why the Google Play of scams of fake call history apps were able to get through Google's review process.
1. The apps each had simple user interfaces and they did not request any "dangerous" permissions; they didn't request access to your contacts list, your SMS inbox, or even the state of your phone's hardware when they were run, so they did not raise red flags with Google's automatic scanning system.
2. The Google Play fake call history apps scam apps did not contain any typical "malicious code", because they were not stealing any data from you; they were not sending premium SMS to other users. They only lied about the functionality of the app.
3. In many instances, the subscription functionality of the Google Play fake call history apps scam apps was also provided through Google's own payment processing service, so the Google Play fake call history apps scam apps were able to be viewed as legitimate paid apps by the Google review process.
Related Scams in Indonesia
The Google Play fake call history apps scam is not the only Android fraud campaign active in Asia.
Group-IB recently reported that bad actors have stolen an estimated $2 million from Indonesian users as part of a fraud campaign impersonating the country's tax platform CoreTax and other trusted brands, and this campaign began in July 2025.
The attack chain integrates phishing websites, social engineering via WhatsApp, malicious APK sideloading, and voice phishing (vishing) to achieve full device compromise, and the malware deployed includes Gigabud RAT, MMRat, and Taotie.
Group-IB noted that the malware infrastructure supporting this fraud campaign is not limited to a single impersonated service, the same infrastructure has been observed actively abusing more than 16 trusted brands while collectively targeting Indonesia's population of approximately 287 million people.
How to Protect Yourself from App Scams
The Google Play fake call history apps scam is over, but similar scams will appear again.
1. Be wary of unrealistically "too-good-to-be-true" claims for any application. No app can display call history from any desired phone number as this technically cannot be done, therefore any app making a claim stating otherwise is attempting to deceive users.
2. Examine the name of the app developer very closely. Many fake call history apps that were distributed via Google Play originally impersonated the Indian government by using "gov.in" as their website. Always look for a verification badge that is provided by an application store and also check the website(s)/apps of the developer prior to downloading an app.
3. Read recent reviews. The Google Play fake call history apps scam apps may have had good overall ratings, but recent reviews often revealed the scam, sort reviews by "most recent" before downloading.
4. Avoid third-party payments inside apps. If an app asks you to pay through a direct card form or a third-party UPI app instead of Google Play billing, this is a red flag, and the Google Play fake call history apps scam used exactly these methods.
5. Request refunds immediately. If you paid for any of these apps through Google Play billing, contact Google for a refund, if you paid through UPI apps, contact those providers, and if you entered card details directly, cancel that card.
Final Thoughts
The Google Play fake call history apps scam succeeded because it exploited human curiosity, people want to know who called whom, they want to check if their partner is cheating, they want to investigate unknown numbers, and scammers know this.
The Google Play fake call history apps scam operators made millions of dollars by doing almost nothing, they built simple apps with hardcoded fake data, they published them on Google Play, and they waited for curious users to pay.
Google has removed these 28 apps, but the developer accounts that published them may still be active, and new variants with different names could appear tomorrow, do not pay for impossible promises, and if an app claims to show anyone's call history, assume it is a scam.
FAQ Section
Q1: What is the CallPhantom Google Play fake call history apps scam?
CallPhantom is a Google Play fake call history apps scam involving 28 Android apps that falsely claimed to show call history for any phone number, users paid subscriptions ranging from 6to6to80, and all they received was randomly generated fake data hardcoded into the apps.
Q2: How many downloads did the CallPhantom scam applications receive?
Cumulatively, the fraudulent call distributor application on Google Play has been downloaded 7.3 million times, with one application totaling more than 3 million downloads before Google removed it from the Google Play Store.
Q3: Where were the targeted locations of the CallPhantom scam?
The fraudulent call distributor applications on Google Play predominantly targeted users using Android devices throughout India and the rest of the Asia-Pacific region, in particular, at least one of the applications fraudulently used the developer name "Indian gov.in."
Q4: Are victims able to receive refunds from the CallPhantom Scam?
Victims that made purchases through the official Google Play Store might be entitled to some kind of refund because they used that particular payment method. Unfortunately, those that made payments to third-party applications (Google Pay, PhonePe, Paytm) or used direct credit card methods won’t be able to receive any type of refund through Google and will need to consult with those payment providers on their own.
Q5: How did these fake apps get through Google Play’s security checks?
The reason that the fake apps that provide fake call history got through Google’s checks was that they didn’t request anything that could be considered harmful and didn’t include any traditional types of malware. The apps had very simple user interfaces, used Google Play billing for many of them, and the only thing that they committed was lying about what the apps would do, which made it harder for the automated scanners to detect.
Source: The Hacker News
