Android scam promises access to call logs for any phone number

Apps that promise to display the call history of other people’s phone numbers are currently luring millions of users into a cost trap. Security experts at the European IT security firm ESET are warning of a new scam: users pay money but receive only fabricated data. According to ESET’s findings, 28 such applications have been downloaded more than 7.3 million times. As a partner of the App Defense Alliance, ESET has informed Google of the findings. Google subsequently removed all the apps mentioned in this report from the Play Store.

The apps claim to provide access to call logs, text message histories or even WhatsApp calls for any person. This is precisely what makes them so appealing to many users. However, these promises are technically impossible to fulfil. “In November 2025, we came across a Reddit post discussing an app called ‘Call History of Any Number’, which was available on the Google Play Store,” explains ESET researcher Lukáš Štefanko, who uncovered the scam. “Our analysis quickly showed that the call data displayed was entirely fabricated. The app generates random phone numbers and combines them with fixed names, call times and durations. This data is hard-coded directly into the app.”

The CallPhantom apps were primarily aimed at Android users in India and the Asia-Pacific region.

Many apps had the Indian country code +91 preset and supported UPI, a payment system widely used in India.

Staged to look deceptively real

To make the apps appear credible, the operators rely on several tricks. In addition to some positive reviews in the Play Store, intended to build trust, targeted deception mechanisms are also employed.

For example, some apps displayed notifications in the style of incoming messages, supposedly announcing completed results. However, anyone who clicked on them was taken directly to a payment page.

It is also striking that the apps request very few permissions. To many users, this appears legitimate – in fact, it is part of the deception, as the apps do not need access to any real data at all.

Subscription model for fraudulent apps

During its investigation, ESET found that three different payment methods were used. Two of these violate Google Play’s payment guidelines. Some apps used subscriptions via Google’s official billing system. Others relied on third-party payments. In some cases, credit card forms were integrated directly into the apps.

The prices charged vary widely. Among other things, weekly, monthly or annual subscriptions were offered. The highest price identified was 80 US dollars. The cheapest subscription tier cost around five euros on average.

Subscriptions taken out via the official Google Play billing system can generally be cancelled. For the 28 apps described by ESET, existing subscriptions were terminated after the apps had been removed from the Play Store. In some cases, refunds via Google are also possible.

However, if payment was made outside of Google Play – for example, by entering credit card details within the app or via third-party providers – Google can neither cancel the subscription nor arrange a refund.

In such cases, those affected must contact their payment service provider directly.