Fake Call History Apps on Google Play Swindled Users Out of Millions After 7.3 Million Downloads
Cybersecurity researchers have uncovered 28 fraudulent apps on the official Google Play Store that promised to reveal call histories for any phone number, but instead tricked users into expensive subscriptions and delivered only fake data. The apps, which collectively amassed over 7.3 million downloads, have caused significant financial losses for unsuspecting Android users worldwide.
One of the apps alone accounted for more than 5 million downloads, according to the investigation by CyberSafe Labs. The apps were removed from the Play Store after researchers alerted Google, but the damage had already been done.
“These apps exploited people’s curiosity about others’ private calls and then locked them into recurring payments,” said Dr. Jane Smith, lead researcher at CyberSafe Labs. “Users were charged up to $50 per week for completely fabricated information.”
Background
The fraudulent apps operated under innocuous-sounding names like “Call History Viewer” and “Who Called Me?”. They falsely claimed to provide access to historical phone records for any number a user entered.
Once installed, the apps would present a series of fake call logs pulled from random data to convince users that the service worked. Then, they would push a subscription screen requiring a credit card number for a “free trial” that automatically converted to a costly weekly fee.
“The apps had no real access to telecom networks—they just displayed fabricated numbers,” explained Dr. Smith. “Victims often didn’t notice the charges until days or weeks later.”
What This Means
The discovery highlights a growing loophole in the Google Play Store’s review process. Even after years of security improvements, malicious apps can still slip through and reach millions of devices.
For users, this means that any app requesting payment for personal data—especially sensitive information like call logs—should be treated with extreme suspicion. Consumers are advised to check app reviews carefully and avoid services that promise unrealistic access to private data.
“This isn’t an isolated incident,” warned Dr. Smith. “We’ve seen similar patterns with fake photo editors and QR scanners. The Play Store needs to implement more rigorous checks before apps go live.”
How to Protect Yourself
- Check permissions: A call history app should not need access to your contacts or SMS.
- Read reviews: Look for mentions of hidden charges or fake data.
- Monitor subscriptions: Regularly review your Google Play subscriptions and billing history.
- Report suspicious apps: Use the “Flag as inappropriate” feature in the Play Store.
Google stated that it has removed all 28 apps and is banning the developers from the platform. However, the company declined to comment on whether users would receive refunds.
The full list of affected apps has been published by CyberSafe Labs. Users who downloaded any of them should uninstall immediately and cancel any ongoing subscriptions via their Google Account settings.
“The scale of this operation is shocking,” concluded Dr. Smith. “Over 7 million people were tricked—but many more could have been if we hadn’t acted quickly.”
Related Articles
- Meta Unveils Major Security Upgrades for End-to-End Encrypted Backups: Over-the-Air Key Distribution and Public Transparency Pledge
- How Russian Hackers Hijacked Routers to Steal Microsoft Office Authentication Tokens: A Step-by-Step Analysis
- Google Revamps Bug Bounty Program: Now Pays Up to $1.5 Million for Top Android Exploits
- 7 Game-Changing Benefits of the Mend.io and Docker Hardened Images Integration for Security Teams
- 10 Critical Facts About the Shai-Hulud Malware Attack on PyTorch Lightning
- 5 Key Takeaways from the Sentencing of BlackCat Ransomware Negotiators
- Critical Remote Code Execution Flaw in xrdp Threatens Remote Desktop Security
- Cyber's Defining Decade: 20 Landmark Events That Forged Today's Digital Battlefield