
Scam Android apps on Google Play got millions of downloads from a creepy pitch

Why This Matters

The discovery of scam Android apps on Google Play that trick users into paying for fake call and message histories highlights ongoing security vulnerabilities in app stores. Despite Google’s efforts to maintain a safe environment, malicious apps can still reach millions of users before being removed, posing risks to consumer trust and financial safety.

Key Takeaways

Andy Walker / Android Authority

TL;DR Researchers found dozens of fraudulent Google Play apps that promised call, SMS, and WhatsApp history for any number.

The apps had more than 7.3 million combined downloads before Google removed them.

The apps charged users and returned fake data.

Google Play is supposed to be the safer place to get Android apps, but not every app on the store deserves your trust, especially if you’re seeking them out for potentially nefarious purposes. A newly detailed scam shows how far a dubious app can go before it’s stopped, with 28 apps on Google Play racking up more than 7.3 million downloads by promising access to other people’s call logs, SMS records, and WhatsApp call history.


ESET researchers detailed the scam in a WeLiveSecurity report, where they collectively refer to the apps as “CallPhantom.” The apps differed in appearance, but the trick was the same: you entered a phone number, paid to unlock the supposed communication records, and received fake data in return.


The researchers found that some apps generated random phone numbers and paired them with names and call details already embedded in the code. Others asked users for an email address where the ‘retrieved’ history would supposedly be sent. Either way, ESET says the apps didn’t request intrusive permissions or have any real ability to access the requested data.
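The mismatch described above, between what a listing promises and what the app could ever read, can be checked during app triage. The following is an added example, not code from ESET or from the article: it assumes the manifest has already been decoded to text XML, and the keyword patterns, function names, and sample listing and manifest are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Listing claim -> permission an app needs even to read the *local* device's data.
CLAIM_PERMISSIONS = {
    r"\bcall (history|logs?|records?)\b": "android.permission.READ_CALL_LOG",
    r"\b(sms|message) (history|logs?|records?)\b": "android.permission.READ_SMS",
}
# No Android permission exposes records belonging to a different phone number.
THIRD_PARTY = re.compile(
    r"\b(any|another|someone else's|other people's) (phone )?number\b", re.I)

def declared_permissions(manifest_xml):
    """Return the set of permission names declared via <uses-permission>."""
    root = ET.fromstring(manifest_xml)
    return {el.get(ANDROID_NS + "name") for el in root.iter("uses-permission")}

def triage(listing_text, manifest_xml):
    """Flag listing claims that the declared permissions cannot support."""
    perms = declared_permissions(manifest_xml)
    findings = []
    for pattern, perm in CLAIM_PERMISSIONS.items():
        if re.search(pattern, listing_text, re.I) and perm not in perms:
            findings.append(f"claims data gated by {perm} but does not declare it")
    if THIRD_PARTY.search(listing_text):
        findings.append("claims records for a third-party number; no permission grants that")
    return findings

# Constructed sample inputs (not taken from any real app).
SAMPLE_LISTING = "Get call history and SMS history of any number. Unlock the full report now!"
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.constructed">
  <uses-permission android:name="android.permission.INTERNET"/>
</manifest>"""

if __name__ == "__main__":
    for finding in triage(SAMPLE_LISTING, SAMPLE_MANIFEST):
        print("FLAG:", finding)
```

A flag here is a reason for closer review, not a verdict: a legitimate backup app that declares the matching permissions and only describes the user's own data produces no findings.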
