As of May 9, 2026, more than 7.3 million users have been duped by 28 fake call history apps on the official Google Play Store for Android. These apps, claiming to offer access to call histories for any phone number, tricked users into joining a subscription that provided fake data and incurred financial loss.
Key Takeaways
- The 28 apps have collectively racked up more than 7.3 million downloads.
- One of the apps alone has accounted for over 1 million downloads.
- The apps stole payments from users by providing fake data.
- The apps’ malicious activity was uncovered by cybersecurity researchers.
- The affected users are not explicitly named, but the total number of downloads is alarming.
Google Play Store’s Quality Control Fiasco
The discovery highlights a glaring issue with Google’s quality control processes. The company has invested heavily in its Play Store, with a reported $40 billion in revenue generated through in-app purchases and advertising in 2025. However, the lack of effective mechanisms to prevent and detect malicious apps has led to this scandal.
Google has long touted its app review pipeline as automated yet effective, combining machine learning models with limited human oversight. But these 28 apps bypassed detection for months — some as early as late 2024 — indicating that either the filters are insufficient or exploitable. The apps used common developer accounts, often rebranded across multiple listings, a tactic known as “app spraying.” This allows bad actors to test what slips through the cracks and then scale the ones that do.
In previous years, Google introduced Play Protect, a built-in malware scanner, and tightened policies around sensitive permissions. Yet these fake call history apps didn’t request unusual permissions. Instead, they relied on psychological manipulation — promising access to information that should be private, like another person’s call log — to lure users into subscriptions. That makes them harder to detect through technical scanning alone.
The $40 billion figure from 2025 isn’t just a measure of success — it’s a sign of scale that should come with tighter responsibility. With so much revenue tied to app distribution, Google’s brand is directly linked to trust in the Play Store. When users install apps expecting safety, they’re not just trusting the developer — they’re trusting Google’s vetting process. That trust has now been breached at scale.
Cybersecurity Researchers’ Findings
The cybersecurity researchers, who chose to remain anonymous, discovered the malicious apps by analyzing user feedback and ratings. They found that the apps were designed to trick users into joining a subscription that provided fake data, leading to financial losses for the users. The researchers’ findings are a stark reminder of the need for more stringent quality control measures in the Play Store.
Many of the apps used nearly identical interface designs — a red and black theme, urgent call-to-action buttons like “Reveal Full Call History Now,” and fake countdown timers suggesting limited-time access. These design patterns are common in scam apps but are rarely flagged by automated systems. The researchers noticed a pattern in user complaints: people downloaded the app, entered payment details, and were shown fabricated logs — calls that never happened, with fake timestamps and numbers. After a few days, the app would stop functioning unless the user renewed the subscription.
Some apps offered a “free trial,” but this required a credit card and automatically enrolled users into a $9.99 to $14.99 monthly plan. Refund requests were either ignored or blocked by unclear cancellation paths. Google’s billing system, while convenient, makes it difficult for users to track or dispute small recurring charges — a flaw that has been exploited repeatedly over the years.
The researchers also found that several of the apps were removed and re-uploaded under slightly different names — a practice known as “revolving door publishing.” Each time, the app would start with clean ratings until enough users reported issues. By then, the app had already collected thousands in revenue and could be replaced with another iteration.
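A sketch of how a store-side reviewer could surface both "app spraying" and "revolving door publishing" from listing metadata, added here as an illustration; it is not code from the researchers or from Google. The `Listing` fields, the filler-word list, the 0.8 similarity threshold and all sample records are assumptions made for the example.

```python
import re
from collections import namedtuple
from datetime import date
from difflib import SequenceMatcher

Listing = namedtuple("Listing", "package title developer published removed", defaults=[None])
FILLER = {"app", "pro", "the", "of", "for", "new", "plus"}  # assumed rebrand filler words

def normalize(title):
    # Word order, punctuation and filler words are what a rebrand usually changes.
    words = re.findall(r"[a-z0-9]+", title.lower())
    return " ".join(sorted(w for w in words if w not in FILLER))

def cluster(listings, threshold=0.8):
    # Greedy grouping: a listing joins the first cluster holding a near-identical title.
    clusters = []
    for item in sorted(listings, key=lambda l: l.published):
        key = normalize(item.title)
        for group in clusters:
            if any(SequenceMatcher(None, key, normalize(m.title)).ratio() >= threshold
                   for m in group):
                group.append(item)
                break
        else:
            clusters.append([item])
    return clusters

def flags(group):
    found = set()
    devs = [m.developer for m in group]
    if len(set(devs)) < len(devs):
        found.add("spraying")  # one account behind several near-identical listings
    if any(old.removed and new.published > old.removed
           for old in group for new in group if new is not old):
        found.add("revolving-door")  # lookalike published after an earlier removal
    return found

def review_queue(listings):
    return [(sorted(m.package for m in g), sorted(flags(g)))
            for g in cluster(listings) if flags(g)]

# Constructed sample data: package names, titles and developer accounts are made up.
SAMPLE = [
    Listing("com.example.a", "Call History of Any Number", "dev-001",
            date(2024, 11, 1), date(2025, 2, 10)),
    Listing("com.example.b", "Any Number Call History Pro", "dev-001", date(2025, 2, 20)),
    Listing("com.example.c", "Call History: Any Number Tracker", "dev-002", date(2025, 3, 5)),
    Listing("com.example.torch", "Bright Flashlight", "dev-003", date(2025, 1, 15)),
]
```

Because a re-upload starts with clean ratings, the cluster, not the individual listing, is the unit worth carrying complaint and refund history across.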
The Impact on Users
The affected users have suffered financial losses, and their personal data may have been compromised. The incident raises concerns about the security and integrity of the Play Store, and users are left wondering how such malicious apps could have slipped through the cracks.
While the fake data itself had no real-world utility, the payment information collected — and potentially stored insecurely — could be used for identity theft or sold on dark web marketplaces. Some users reported unauthorized charges on other services after signing up, suggesting that leaked credentials may have been reused elsewhere.
The psychological impact is harder to measure but no less real. Many users believed they were monitoring a partner’s activity or checking on a child’s safety. When the app failed or demanded more money, it created confusion, anxiety, and in some cases, damaged relationships. Trust isn’t just broken between user and platform — it erodes between people.
Victims are scattered globally, though early data suggests higher concentrations in regions where mobile-first internet use is dominant and digital literacy varies — parts of Southeast Asia, Latin America, and Africa. In these areas, the Play Store is often seen as a walled garden of safety, making users less likely to question app legitimacy.
What This Means For You
As a user, it’s essential to be cautious when installing apps from the Play Store. Always read user reviews and ratings, and be wary of apps that promise too-good-to-be-true features. Regularly check your app permissions and subscriptions to ensure you’re not being charged for unnecessary services.
If you’re a developer, this incident underscores the risks of operating in an ecosystem where bad actors can piggyback on your credibility. Legitimate developers spend months building trustworthy products, only to see their category poisoned by fraudulent clones. That’s especially true in sensitive areas like privacy, monitoring, or security tools — where user expectations are high and trust is fragile.
For app founders, this is a warning about market saturation and brand mimicry. If your app offers call logs, message tracking, or device monitoring, you’re now competing in a space where dozens of lookalike apps may be scams. That could lead to lower organic visibility, higher customer support costs, and more friction in user acquisition. You’ll need to invest more in user education — clear branding, in-app explanations of how your service works, and transparent billing — just to stand out from the noise.
Builders working on app distribution platforms should take note, too. Google’s struggle shows that automation alone can’t catch every scam. Human review, behavioral analysis, and faster takedown processes are all needed. Smaller app stores might see this as a chance to position themselves as more curated or secure alternatives. But they’ll need resources and consistency to back that claim.
It’s not enough to rely on Google’s reputation. Users who downloaded these apps thought they were safe because the store itself was trusted. That assumption is no longer valid. Everyone involved — from individual users to enterprise developers — now has to treat the Play Store like any open marketplace: useful, but full of risks.
Historical Context: A Pattern of Lapses
This isn’t the first time malicious apps have flooded the Play Store. In 2017, more than 200 fake flashlight and wallpaper apps were found to be part of an ad-fraud scheme, generating millions in revenue by simulating clicks. Google removed them, but not before they amassed tens of millions of downloads.
In 2020, a wave of fake utility apps — cleaning tools, battery savers, and speed boosters — used deceptive ratings and fake reviews to climb the charts. Many subscribed users to recurring charges without clear consent. That year, researchers identified over 170 such apps, totaling more than 6 million downloads.
Then in 2022, a group of apps disguised as children’s games collected personal data and served inappropriate ads. They bypassed Google’s family policy checks by initially submitting clean versions and later pushing malicious updates. Google tightened update review policies after that, but enforcement has been inconsistent.
Each incident followed the same trajectory: discovery by independent researchers, media coverage, app removals, and a brief policy update from Google. But there’s no public data on how many similar apps slip through between audits. The current fake call history scheme fits this pattern — same tactics, same exploitation of user curiosity, same delay in detection.
What’s different now is the scale and monetization model. Earlier scams relied on ad fraud or data harvesting. These apps go straight for the wallet, using Google’s own billing system to extract recurring payments. That makes them more damaging to individual users and harder to reverse.
Key Questions Remaining
Google has removed the 28 apps, but major questions remain unanswered. How long were they active before detection? Some user reviews date back to mid-2024, suggesting they operated for nearly two years. Why didn’t automated fraud detection flag the sudden spike in negative reviews or refund requests?
Who developed these apps? The accounts behind them appear to be shell entities, possibly linked to a single network. Without transparency into developer verification, it’s impossible to know if Google’s onboarding process allowed these accounts to register with fake identities.
Will users be refunded? Google has a refund policy, but it’s limited to 48 hours in most cases. For a subscription that’s been active for months, the burden falls on the user to dispute charges through their bank. Google hasn’t announced a mass reimbursement plan.
And perhaps most importantly — what changes are coming? Will Google introduce stricter verification for apps offering sensitive functionality? Will they monitor subscription patterns more closely? Will they require clearer disclosures before trial sign-ups?
Until those answers come, users remain on their own. The Play Store may be convenient, but convenience without accountability is dangerous. Seven and a half million downloads isn’t just a number — it’s a warning.
It’s concerning that such malicious apps could have been distributed through the official Play Store, highlighting a need for stronger security measures and quality control.
Sources: The Hacker News, CNET


