Android alert: 7 million users downloaded ‘stalking’ apps that were actually scams

In a surprising twist in the world of mobile applications, security researchers at ESET have uncovered a scam that blurs the lines of culpability. The investigation revealed a collection of 28 applications, collectively named “CallPhantom,” which amassed over 7.3 million downloads on the Google Play Store. These apps lured users with the enticing promise of accessing call histories, SMS records, and even WhatsApp call logs for any phone number, raising significant concerns about privacy and security.

The modus operandi of these applications involved requesting intrusive permissions from users’ devices, which could lead to serious privacy violations. Payment structures for these apps varied; some utilized the official billing system provided by the Google Play Store, while others circumvented Google’s policies through third-party payment methods or alternative checkout forms.

ESET took action by submitting a detailed report regarding the CallPhantom apps to Google in December 2025. In response, Google promptly removed all identified applications from its platform. A recent search of the Play Store confirms that these apps are no longer available, highlighting the effectiveness of swift action against such threats.

How to stay safe from malicious apps

While it is clear that no one deserves to fall victim to scams, the allure of dubious applications that promise questionable capabilities can lead users down a risky path. To safeguard against potential threats, consider the following precautions:

  • Exercise Caution: Avoid seeking out apps that offer dubious functionalities, particularly those that may infringe on privacy.
  • Review Feedback: Scrutinize user reviews beyond the initial five-star ratings to gauge the app’s credibility.
  • Choose Wisely: Download applications exclusively from reputable publishers and ensure that you keep them updated with the latest security patches.
  • Manage Permissions: Be vigilant about granting accessibility permissions; reject any that seem unnecessary.
  • Utilize Security Features: Enable Google Play Protect, a built-in tool that scans existing and newly downloaded apps for malware and other threats.

Although the CallPhantom apps did not appear to introduce malware or viruses, it remains prudent to protect your device with reliable antivirus software designed for Android. The potential risks associated with malicious applications are significant, making it advisable to limit the number of installed apps and to refrain from pursuing questionable services that promise to unveil others’ private communications.

AppWizard