A group of fraudulent Android apps claiming to provide call histories, SMS records, and WhatsApp call logs for any phone number amassed more than 7.3 million downloads on Google Play before being removed, according to research published by ESET on WeLiveSecurity.
The apps, which ESET researchers collectively named CallPhantom, promised users access to private communication records in exchange for payment. In reality, the apps had no such capability. Instead, they displayed fabricated data, often generated from hardcoded names, numbers, call times, and durations embedded directly in the app code.
Because apparently even scams now come with subscription tiers. Humanity continues to innovate in the worst possible direction.
Apps promised private call records, but delivered fake data
ESET’s investigation began in November 2025 after researchers found a Reddit post discussing an app called Call History of Any Number, available on Google Play. The app claimed it could retrieve the call history of any phone number entered by the user. It was published under the developer name Indian gov.in, although ESET found no real connection to the Indian government.
Analysis showed that the “results” shown by the app were entirely fake. Rather than retrieving actual records, the app generated random phone numbers and matched them with fixed names, timestamps, and call durations stored in the app’s code. These fabricated records were then presented to users only after they paid.
ESET later identified 28 related apps on Google Play using the same basic deception. While the apps differed in design and presentation, their purpose was the same to convince users they could access private communication data, then charge them for fabricated results.
ESET reported the full set of apps to Google on December 16, 2025. According to the report, all identified apps had been removed from Google Play by the time of publication.
India and Asia-Pacific users were heavily targeted
The CallPhantom apps appeared to primarily target Android users in India and the wider Asia-Pacific region. Several apps had India’s +91 country code preselected, and many supported UPI, a payment system widely used in India.
The apps also attracted negative reviews from users who said they had been scammed and never received the promised data. ESET noted that scammers likely exploited curiosity around private information, making the fake service seem tempting to users. A few positive reviews, likely fake or manipulated, may have helped make the apps appear more credible.
Two main CallPhantom app clusters
ESET identified two main clusters of CallPhantom apps. The first cluster generated partial fake results before asking users to pay. These apps contained hardcoded names, country codes, and message templates, and then combined them with randomly generated phone numbers. Users were shown limited “results” and asked to pay to unlock the full fake history.
The second cluster asked users to enter an email address where the alleged call history would supposedly be delivered. In these cases, users had to pay or subscribe before any results were allegedly sent.
Despite their claims, the apps did not request intrusive permissions because they did not need them. ESET found no functionality in the apps capable of retrieving real call logs, SMS records, or WhatsApp call data from another phone number.
Some apps bypassed Google Play billing
ESET observed three payment methods across the CallPhantom apps. Some apps used Google Play’s official billing system for subscriptions. That method falls under Google’s standard subscription and refund process.
Other apps use third-party payment apps supporting UPI. In some cases, payment links were hardcoded into the apps. In others, the links were fetched from a Firebase Realtime Database, allowing the operators to change payment accounts remotely.
A third group of apps included payment card checkout forms directly inside the app.
The latter two methods violate Google Play’s payment policies, according to ESET. They also make refunds harder for victims, since Google cannot cancel or refund payments made outside its official billing system.
ESET also found one app using deceptive notifications to push users into paying. If a user exited without subscribing, the app displayed alerts styled as new emails claiming the call history results had arrived. Tapping the notification led back to a subscription screen.
The requested fees varied widely. Some apps offered weekly, monthly, or yearly subscription packages. ESET found the highest requested price was US$80, while the average price for the lowest subscription tier was around €5.
What victims can do
Users who subscribed through Google Play can cancel subscriptions in the Play Store app by going to:
Profile icon → Payments & subscriptions → Subscriptions → Select subscription → Cancel subscription
ESET noted that for the 28 apps in its report, existing Google Play subscriptions were canceled when the apps were removed from the store.
Refunds may be possible for purchases made through Google Play, depending on the timing, item type, and Google’s refund policy. Users must submit refund requests within the allowed refund window.
For payments made outside Google Play, such as through UPI apps or direct card entry, Google cannot cancel the subscription or issue a refund. Victims must contact their payment provider, card issuer, or the app developer.
List of Identified Apps
App name | Package name | Number of downloads |
Call history : any number deta | calldetaila.ndcallhisto.rytogetan.ynumber | 3M+ |
Call History of Any Number | com.pixelxinnovation.manager | 1M+ |
Call Details of Any Number | com.app.call.detail.history | 1M+ |
Call History Any Number Detail | sc.call.ofany.mobiledetail | 500K+ |
Call History Any Number Detail | 500K+ | |
Call History Of Any Number | com.basehistory.historydownloading | 500K+ |
Call History of Any Numbers | com.call.of.any.number | 100K+ |
Call History Of Any Number | com.rajni.callhistory | 100K+ |
Call History Any Number Detail | com.callhistory.calldetails.callerids.callerhistory.callhostoryanynumber.getcall.history.callhistorymanager | 100K+ |
Call History Any Number Detail | com.callinformative.instantcallhistory.callhistorybluethem.callinfo | 100K+ |
Call History Any Number detail | com.call.detail.caller.history | 100K+ |
Call History Any Number Detail | com.anycallinformation.datadetailswho.callinfo.numberfinder | 100K+ |
Call History Any Number Detail | com.callhistory.callhistoryyourgf | 100K+ |
Call History Any Number | com.calldetails.smshistory.callhistoryofanynumber | 50K+ |
Call History Any Number Detail | com.callhistory.anynumber.chapfvor.history | 50K+ |
Call History of Any Number | 50K+ | |
Call History Any Number Detail | com.name.factor | 50K+ |
Call History Of Any Number | com.getanynumberofcallhistory.callhistoryofanynumber.findcalldetailsofanynumber | 50K+ |
Call History Of Any Number | com.chdev.callhistory | 10K+ |
Phone Call History Tracker | com.phone.call.history.tracker | 10K+ |
Call History- Any Number Deta | com.pdf.maker.pdfreader.pdfscanner | 10K+ |
Call History Of Any Number | com.any.numbers.calls.history | 10K+ |
Call History Any Number Detail | com.callapp.historyero | 1K+ |
Call History - Any Number Data | all.callhistory.detail | 500+ |
Call History For Any Number | com.easyranktools.callhistoryforanynumber | 100+ |
Call History of Numbers | com.sbpinfotech.findlocationofanynumber | 100+ |
Call History of Any Number | callhistoryeditor.callhistory.numberdetails.calleridlocator | 50+ |
Call History Pro | com.all_historydownload.anynumber.callhistorybackup | 50+ |
A simple warning sign: no app can do this
The central claim behind CallPhantom was technically impossible in the way these apps presented it. A normal Android app cannot retrieve the call history, SMS records, or WhatsApp call logs of any phone number simply because a user enters that number.
Apps making this kind of promise should be treated as scams. Users should also be cautious of apps that ask for payment before showing results, rely on vague claims, use government-like developer names without proof, or route payments outside the official app store billing system.
