ESET researchers discovered fake apps on Google Play that promised users access to the call history of “any number.” These apps, which ESET dubbed CallPhantom due to their deceptive claims, falsely claimed to offer call history, SMS logs, and even WhatsApp call logs for any phone number.
To gain access to this supposed feature, users were asked to pay, but instead of real data they received randomly generated information.
ESET’s research identified a total of 28 such fake apps, which had been installed more than 7,3 million times. As a partner of the App Defense Alliance, ESET informed Google of its findings, and the company removed all apps included in the report from Google Play.
The CallPhantom apps were primarily targeted at Android users in India and the wider Asia-Pacific region. Many of them defaulted to the Indian area code (+91) and supported UPI, a payment system widely used in the country.
“In November 2025, we spotted a post on Reddit about an app called “Call History of Any Number,” which was available on Google Play. As expected, our analysis showed that the “call history” data provided by the app was completely fake. The app generated random phone numbers and matched them with predefined names, times, and call durations, which were built directly into the code,” said ESET researcher Lukáš Štefanko, who uncovered the CallPhantom scam.
CallPhantom apps have a simple user interface and do not request any intrusive or sensitive permissions. They also do not include any functionality capable of retrieving actual call, SMS or WhatsApp data.
In the CallPhantom apps analyzed by ESET, researchers identified three different payment methods, two of which violate Google Play’s payment policy. Some apps relied on subscriptions through the official Google Play billing system, while others used payments through third-party providers. In some cases, credit card payment forms were embedded directly into the CallPhantom apps.
The fees for the fake service vary significantly from app to app. The apps also appear to offer different subscription packages, such as weekly, monthly, and annual plans, with the highest price reaching $80 USD. For the lowest “subscription level,” the average asking price was €5.
Subscriptions purchased through the official Google Play billing system can be canceled. For the 28 apps described in this post, existing subscriptions were canceled when the apps were removed from Google Play. In some cases, refunds for purchases made through Google Play are also possible.
However, if the purchase was made outside of Google Play, for example, by entering payment card details within the app or through third-party services, then Google cannot cancel the subscription or issue a refund. In these cases, users should contact their payment provider directly.
For more details on CallPhantom, please see the latest ESET Research blog post, "Fake call logs, real payments: How CallPhantom tricks Android users», At WeLiveSecurity.com.
Examples of CallPhantom apps available on Google Play
Although the press releases will range from very select to rare, I said I'd pass...because sometimes the editors hide.
