A recent investigation has led to the removal of 28 Android applications from the Google Play Store, which had collectively amassed millions of downloads. These apps, marketed as tools for accessing private call logs, SMS records, and even WhatsApp activity, were ultimately revealed to be scams designed to exploit users’ curiosity about surveillance.
Security researchers at ESET identified these applications as part of a larger scam campaign dubbed “CallPhantom.” The apps made bold claims, suggesting that users could easily look up someone’s call history, view SMS records, and track activities associated with a phone number. However, the reality was far from these assertions, raising immediate concerns about their legitimacy.
Legitimate applications are bound by legal and technical constraints that prevent them from granting unauthorized access to another individual’s private communications. Yet, despite these glaring red flags, millions of users were drawn to download these deceptive tools, only to find that the information provided was entirely fabricated. Users received fake phone numbers, fictitious names, bogus call durations, and arbitrary timestamps, all designed to mimic genuine surveillance data.
Moreover, some of these apps promised users “detailed reports” via email, contingent upon the payment of a subscription fee. Unfortunately, these reports either never materialized or were filled with nonsensical information, leaving users disillusioned and out of pocket. In essence, individuals were paying for AI-generated fabrications masquerading as sophisticated surveillance tools.
<span id="Surprisinglytheappswerentstealingphonedata”>Surprisingly, the apps weren’t stealing phone data
In a twist that sets these scams apart from typical malicious software, the apps did not aggressively seek dangerous permissions or install overt malware. Instead, the modus operandi involved promising illicit access, charging users, generating fictitious data, and then vanishing into the ether. While some apps utilized Google Play’s official payment system, others attempted to circumvent Google’s regulations by directing payments through external methods.
<span id="Googlehasnowremovedthe_apps”>Google has now removed the apps
Following ESET’s report to Google in December 2025, the apps have now been expunged from the Play Store. The primary targets of this scam were users in India and the Asia-Pacific region, although Android users worldwide were at risk of exposure.
To safeguard against falling victim to similar scams in the future, users are encouraged to be vigilant. It is prudent to steer clear of apps making unrealistic promises, scrutinize reviews meticulously, select reputable developers, maintain Google Play Protect, and refrain from granting unnecessary permissions. Most importantly, if an application claims to provide covert access to another person’s private communications, it is likely to be fraudulent, dubious, or both.
Source: Tom’s Guide
