Google warns 7 million Android users to delete these fake apps

Millions of Android users fell for fake surveillance tools that charged monthly fees

More than 7 million downloads were linked to fake “spy apps” removed from Google Play ©Image Credit: Unsplash / Adarsh Chauhan
More than 7 million downloads were linked to fake “spy apps” removed from Google Play ©Image Credit: Unsplash / Adarsh Chauhan

A total of 28 Android apps promising access to private call logs, SMS records, and even WhatsApp activity, just got removed from the Google Play Store after millions of downloads.

As it turned out, the apps were scams targeting people trying to spy on other people. Instead of delivering secret phone records, they mostly generated fake information and charged users for it.

Security researchers at ESET uncovered 28 apps tied to a scam campaign called “CallPhantom.” The apps claimed users could look up someone’s call history, view SMS records, access WhatsApp call logs, and track activity linked to a phone number, which, to be clear, is already a giant red flag.

Most legitimate apps cannot legally or technically give random users access to somebody else’s private communications. But millions of people downloaded them anyway, and unsurprisingly, the “results” were completely fake. That included fake phone numbers, made-up names, fabricated call durations, and random timestamps.

Some apps also claimed they would send “detailed reports” to users by email, but only after they paid a subscription fee. The reports either never arrived or contained fake information.

So, users were basically paying for AI-generated nonsense dressed up as surveillance tools.

Surprisingly, the apps weren’t stealing phone data

Unlike a lot of scam apps, these didn’t aggressively request dangerous permissions or install obvious malware.

The scam was pretty much promise illegal-looking access, charge money, generate fake data, and disappear. Some apps used Google Play’s official payment system, while others tried to route payments through outside methods that bypassed Google’s rules.

Google has now removed the apps

ESET says it reported the apps to Google back in December 2025. The apps have since been removed from the Play Store.

According to researchers, the scam mainly targeted users in India, Asia-Pacific regions. But Android users everywhere were potentially exposed.

In order to avoid falling for this kind of scam in the future, users are advised to avoid apps making unrealistic promises. It is also very good practice to check reviews carefully, stick to reputable developers, keep Google Play Protect enabled, and avoid granting unnecessary permissions.

Most importantly, if an app claims it can secretly reveal another person’s private calls or messages, it is probably fake, shady, or both.

Source: Tom’s Guide