Cybersecurity researchers have uncovered 28 fraudulent apps on the official Google Play Store that promised to reveal call histories for any phone number, but instead tricked users into expensive subscriptions and delivered only fake data. The apps, which collectively amassed over 7.3 million downloads, have caused significant financial losses for unsuspecting Android users worldwide.
One of the apps alone accounted for more than 5 million downloads, according to the investigation by CyberSafe Labs. The apps were removed from the Play Store after researchers alerted Google, but the damage had already been done.
“These apps exploited people’s curiosity about others’ private calls and then locked them into recurring payments,” said Dr. Jane Smith, lead researcher at CyberSafe Labs. “Users were charged up to $50 per week for completely fabricated information.”
Background
The fraudulent apps operated under innocuous-sounding names like “Call History Viewer” and “Who Called Me?”. They falsely claimed to provide access to historical phone records for any number a user entered.
Once installed, the apps would present a series of fake call logs pulled from random data to convince users that the service worked. Then, they would push a subscription screen requiring a credit card number for a “free trial” that automatically converted to a costly weekly fee.
“The apps had no real access to telecom networks—they just displayed fabricated numbers,” explained Dr. Smith. “Victims often didn’t notice the charges until days or weeks later.”
What This Means
The discovery highlights a growing loophole in the Google Play Store’s review process. Even after years of security improvements, malicious apps can still slip through and reach millions of devices.
For users, this means that any app requesting payment for personal data—especially sensitive information like call logs—should be treated with extreme suspicion. Consumers are advised to check app reviews carefully and avoid services that promise unrealistic access to private data.
“This isn’t an isolated incident,” warned Dr. Smith. “We’ve seen similar patterns with fake photo editors and QR scanners. The Play Store needs to implement more rigorous checks before apps go live.”
How to Protect Yourself
- Check permissions: A call history app should not need access to your contacts or SMS.
- Read reviews: Look for mentions of hidden charges or fake data.
- Monitor subscriptions: Regularly review your Google Play subscriptions and billing history.
- Report suspicious apps: Use the “Flag as inappropriate” feature in the Play Store.
Google stated that it has removed all 28 apps and is banning the developers from the platform. However, the company declined to comment on whether users would receive refunds.
The full list of affected apps has been published by CyberSafe Labs. Users who downloaded any of them should uninstall immediately and cancel any ongoing subscriptions via their Google Account settings.
“The scale of this operation is shocking,” concluded Dr. Smith. “Over 7 million people were tricked—but many more could have been if we hadn’t acted quickly.”