Fake Call History Apps Stole Payments From Users After 7.3 Million Play Store Downloads

Researchers identified 28 fraudulent applications on Google Play Store that deceived users into paid subscriptions by promising access to call histories for arbitrary phone numbers. The scam apps accumulated 7.3 million downloads across the platform, with individual apps reaching over one million installs.

The fake apps employed a common deception pattern. Users downloaded applications advertising the ability to retrieve complete call records from any phone number. After installation, the apps requested subscription activation, typically priced as recurring charges. Once users enrolled, the apps delivered fabricated call history data or functionality that never existed, while billing continued without delivering legitimate service.

This attack vector exploits user trust in Google's official Play Store ecosystem. The sheer volume of downloads indicates the scam remained undetected for an extended period, allowing threat actors to profit from subscription fees before enforcement action.

The financial impact affects individual users directly through unauthorized charges and potential identity concerns related to apps requesting sensitive phone-related data. Organizations face indirect exposure if employees downloaded these apps on corporate or BYOD devices, creating vectors for financial fraud and credential harvesting.

Google typically removes malicious apps from Play Store upon discovery, but damage occurs during the window between deployment and detection. Users who subscribed may experience ongoing billing issues requiring manual intervention with their payment providers.

This incident reflects broader challenges in app store moderation. Fraudulent subscription schemes consistently exploit Google's review processes by using legitimate-sounding functionality claims and subtle deceptive practices during the initial approval phase. The apps likely included basic functionality that appeared legitimate during sandbox testing before implementing the subscription scam post-install.

Users should audit Google Play subscriptions regularly, review permissions granted to installed apps, and report suspicious billing activity to payment providers immediately. Organizations should deploy mobile device management policies restricting sideloaded applications and requiring app store visibility controls.

THE BOTTOM LINE: Subscription fraud remains a profitable scheme on official app stores due to gaps