billing system Archives

AppWizard

May 25, 2026

Over 200 Fake Android Apps Are Quietly Stealing Money From Phone Bills

Zimperium identified a sophisticated malware campaign that exploited nearly 250 Android applications, posing as popular games and social media platforms. The malware ensnared users into premium subscription services without consent, using techniques like JavaScript injection and interception of one-time passwords. The campaign primarily targeted users in Malaysia, Romania, Thailand, and Croatia, with the malware capable of reading SIM cards and activating for specific mobile carriers. Zimperium first detected the scam in March 2025 and monitored it until at least January 2026. Google stated that none of the compromised applications were available on its app store and emphasized that Android users are protected by Google Play Protect. The hackers deployed three malware variants, with the first using an automated subscription engine, the second targeting users in Thailand with premium SMS messages, and the third combining SMS fraud with real-time notifications to attackers via Telegram. The campaign primarily affected Malaysian SIM card users, with significant activity also in Thailand and Romania. Despite the campaign's last known activity in January, parts of its infrastructure remain operational. The attacks highlight vulnerabilities in application security and the challenges of policing app downloads from third-party marketplaces.

AppWizard

May 11, 2026

28 Android apps delivering bogus information were installed 7 million times from Google Play Store

The CallPhantom apps achieved 7.3 million installations on the Google Play Store but provided users with randomly generated data instead of legitimate information. ESET, part of the App Defense Alliance, discovered the deceptive nature of these apps and reported them to Google, leading to their removal. Some of the 28 identified apps had bypassed the official billing system, complicating refund processes. The investigation began with an app called Call History of Any Number, which falsely claimed to provide call histories for any number, despite being associated with a misleading developer name, Indian gov.in. The apps produced fabricated call histories by generating random phone numbers paired with fixed names and call details. They primarily targeted Android users in India and utilized the widely used UPI payment system. User comments in the Play Store warned others about the fraudulent nature of the service. The apps also employed tactics to lure users into paying for non-existent data, including fake email notifications prompting users to subscribe.

AppWizard

May 9, 2026

Fake Call History Apps Stole Payments From Users After 7.3 Million Play Store Downloads

Cybersecurity researchers from ESET have discovered 28 fraudulent applications on the Google Play Store that falsely claimed to provide access to call histories for any phone number. These apps have been downloaded over 7.3 million times, with one app alone accounting for over 3 million downloads. The operation, named CallPhantom, primarily targeted Android users in India and the Asia-Pacific region. Users were lured into subscription services, paying for access to fictitious data, including call histories and SMS records, but received only randomly generated information. Some apps were published under the developer name "Indian gov.in" to create a false sense of trust. Payments were processed through the Google Play Store or third-party applications like Google Pay and Paytm. Users who subscribed via Google Play may be eligible for refunds, while those who used third-party payment methods may not be able to recover their funds. The fraudulent activity may have been ongoing since at least November 2025.

AppWizard

May 8, 2026

Android alert: 7 million users downloaded ‘stalking’ apps that were actually scams

Security researchers at ESET uncovered a scam involving 28 applications named "CallPhantom," which collectively amassed over 7.3 million downloads on the Google Play Store. These apps promised access to call histories, SMS records, and WhatsApp call logs for any phone number, raising privacy concerns. They requested intrusive permissions from users' devices, leading to potential privacy violations. Payment structures varied, with some using Google Play's billing system and others circumventing it through third-party methods. ESET reported the apps to Google in December 2025, resulting in their removal from the Play Store. A recent search confirmed that these apps are no longer available.

AppWizard

May 8, 2026

Scam Android apps on Google Play got millions of downloads from a creepy pitch

Researchers uncovered a scam involving 28 fraudulent applications on the Google Play Store, collectively called "CallPhantom," which garnered over 7.3 million downloads. These apps promised access to call logs, SMS records, and WhatsApp history for any phone number, but users received fabricated data after paying a fee. The apps varied in appearance but shared a common strategy of generating random phone numbers and pairing them with pre-existing names and call details. Some requested email addresses to send the 'retrieved' history, but none had the necessary permissions to access the claimed data. Payment methods included Google Play’s official billing system and third-party platforms, with some apps misleading users into staying on subscription screens. ESET reported these apps to Google on December 16, leading to their removal from the Play Store.

AppWizard

May 8, 2026

Fake call logs, real payments: How CallPhantom tricks Android users

A series of fraudulent applications known as CallPhantom have been identified on the Google Play Store, claiming to provide access to call logs, SMS records, and WhatsApp call history for a fee. A total of 28 CallPhantom apps were reported, with over 7.3 million downloads. These apps falsely generated random phone numbers and fabricated data, misleading users into paying for nonexistent services. The apps primarily targeted Android users in India, utilizing UPI for payments and often sidestepping Google Play's official billing system. Users expressed frustration in negative reviews after being scammed. The investigation revealed two clusters of deceptive applications: one that presented hardcoded data and another that promised to send call histories via email after payment. Refunds may be possible for subscriptions made through Google Play, but users who paid outside the platform must contact their payment provider or the app developer for resolution.

AppWizard

May 2, 2026

Google is paying out $700M to Android app buyers

A federal court has approved a 0 million settlement involving Google, resulting from a lawsuit by 53 state attorneys general alleging unlawful monopolization of Android app distribution and in-app payments. Google has set aside 0 million for a consumer reimbursement fund and million for the states involved, without admitting wrongdoing. Consumers who made purchases on the Google Play Store from August 2016 to September 2023 may be eligible for compensation, with payouts based on individual spending, guaranteeing a minimum of . Most eligible consumers will receive payments automatically via PayPal or Venmo, with options for those without these accounts to use a supplemental claims process. Additionally, there is a separate million settlement for claims regarding unauthorized use of cellular data, and a million California-specific settlement for Google Play subscription renewals between May 30, 2014, and October 27, 2019.

Tech Optimizer

April 16, 2026

Deploy Postgres and MySQL databases with PlanetScale + Workers

Cloudflare has deepened its partnership with PlanetScale to enhance the developer experience by providing Cloudflare Workers with access to Postgres and MySQL databases. Users will be able to create PlanetScale databases directly from the Cloudflare dashboard and API, with billing handled through their Cloudflare accounts. Cloudflare credits can be applied towards PlanetScale databases. The integration allows developers to link their PlanetScale accounts and create Postgres databases from the Cloudflare dashboard. Starting next month, new PlanetScale databases will be billed directly to Cloudflare accounts. The integration uses Hyperdrive for database connectivity, managing connection pools and query caching. PlanetScale offers performance and reliability, allowing developers to choose between Postgres and Vitess MySQL. Cloudflare users can deploy PlanetScale databases directly from Cloudflare, with features like query insights and usage breakdowns included. A single node on PlanetScale Postgres starts at a specified monthly rate. Developers can configure Workers to minimize latency by placing them near the primary database, with future plans to automate this process. Currently, billing for existing PlanetScale databases is processed through PlanetScale, but new databases will be billed through Cloudflare starting next month. Further enhancements and API integration are planned, with community feedback encouraged.

AppWizard

April 15, 2026

Aptoide sues Google for Android app store monopoly

Aptoide, a Portuguese app store company, has filed an antitrust lawsuit against Google in a federal court in San Francisco, alleging that Google is monopolizing the distribution of Android applications and payment processing. Aptoide claims that Google's practices hinder its ability to compete, despite offering lower commissions and more affordable options. The lawsuit seeks court orders to stop these practices and demands triple damages. Aptoide previously won a legal case against Google in 2018 regarding the removal of its app without user consent and was involved in the European Commission's Android antitrust case that resulted in a €4.34 billion fine against Google. The lawsuit comes amid increased scrutiny of Google's business practices, including a December 2023 jury ruling that found Google maintained an illegal monopoly in Android app distribution and in-app billing. Following this ruling, a U.S. District Court ordered Google to implement reforms to enhance competition within the Android ecosystem. Additionally, a proposed settlement between Google and Epic Games aims to facilitate the installation of third-party app stores and allow alternative payment methods. In August 2024, a U.S. District Court identified Google as a monopolist in the general search market, citing exclusionary agreements that restrict competition. Aptoide's lawsuit reflects concerns among smaller competitors about Google's influence over Android app distribution despite ongoing legal challenges.

AppWizard

March 20, 2026

Google introduces a new way for users to sideload Android apps that still protects against scams

Google has announced a new "advanced flow" setting that simplifies the process for Android users to install applications from sources outside the Play Store by allowing them to disable a verification requirement. This change responds to user demand for more flexibility in app installation, despite the associated risks of unverified applications. Previously, Google required all Android apps to be registered by verified developers to prevent malware and fraud. The new setting involves enabling developer mode, followed by a verification check to ensure users are not being scammed, a phone restart, and a protective waiting period of one day before confirming the change. Users can choose to enable the option to install apps from unverified developers for seven days or indefinitely, with a warning provided for unverified apps. Additionally, Google is offering free distribution accounts for students and hobbyists to share apps with a small group without ID verification. These changes follow a legal settlement with Epic Games, resulting in reduced Play Store commissions to 20% on in-app purchases.