ESET researchers have uncovered fraudulent apps on Google Play that claim to provide the call history “for any number.” The offending apps, which ESET named CallPhantom based on their false claims, purport to provide access to call histories, SMS records, and even WhatsApp call logs for any phone number. To unlock this supposed feature, users are asked to pay — but all they get in return is randomly generated data. ESET’s investigation identified 28 such fraudulent apps, cumulatively downloaded more than 7.3 million times. As an App Defense Alliance partner, we reported our findings to Google, which removed all of the apps identified in this report from Google Play.
The CallPhantom apps mainly targeted Android users in India and the broader Asia Pacific region. Many of the apps came with India’s +91 country code preselected, and support UPI, a payment system used primarily in India.
“In November 2025, we came across a Reddit post discussing an app named Call History of Any Number, found on Google Play. Unsurprisingly, our analysis showed that the ‘call history’ data provided by this app is entirely fabricated — the app generates random phone numbers and matches them with fixed names, call times, and call durations, which were embedded directly in the code,” says ESET researcher Lukáš Štefanko, who uncovered the CallPhantom fraud.
In general, CallPhantom apps have a simple user interface and do not request any intrusive or sensitive permissions — they don’t need to. Coincidentally, they do not contain any functionality capable of retrieving actual call, SMS, or WhatsApp data.
In the CallPhantom apps ESET analyzed, researchers saw three different payment methods used, two of which are in violation of Google Play’s payments policy. Some of the apps relied on subscriptions via Google Play’s official billing system. Others relied on payments via a third party; in some cases, payment card checkout forms were included directly in the CallPhantom apps.
The fees requested for the fake service differ widely across the apps. The apps also appear to offer different subscription packages, such as weekly, monthly, or yearly services, with the highest requested price sitting at US$80. For the lowest “subscription tier,” the average requested price was €5.
In general, subscriptions purchased through the official Google Play billing system can be canceled. For the 28 apps described in this blog post, existing subscriptions were canceled when the apps were removed from Google Play. In some cases, refunds for Google Play purchases are possible.
If the purchase was made outside of Google Play — for example, by entering payment card details inside the app or by paying via third-party services — then Google cannot cancel the subscription or issue a refund, and users have to contact their payment provider.
For a more details about CallPhantom, check out the latest ESET Research blog post, “Fake call logs, real payments: How CallPhantom tricks Android users,” on WeLiveSecurity.com. Make sure to follow ESET Research on Twitter (today known as X), BlueSky, and Mastodon for the latest news from ESET Research.
About ESET
For 30 years, ESET® has been developing industry-leading IT security software and services for businesses and consumers worldwide. With solutions ranging from endpoint and mobile security, to encryption and two-factor authentication, ESET’s high-performing, easy-to-use products give consumers and businesses the peace of mind to enjoy the full potential of their technology. ESET unobtrusively protects and monitors 24/7, updating defenses in real-time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company. Backed by R&D centers worldwide, ESET becomes the first IT security company to earn 100 Virus Bulletin VB100 awards, identifying every single “in-the-wild” malware without interruption since 2003. For more information visit www.eset.com or follow us on Facebook, YouTube and Twitter.