Overview
- Google removed a cluster of 28 Android apps that posed as tools for viewing any number’s call, SMS, and WhatsApp logs after security firm ESET documented the fraud and the apps’ millions of installs.
- The apps showed convincing previews but unlocked only after payment, then returned hardcoded or randomly generated names, numbers, times, and durations instead of real data.
- ESET found the apps requested no sensitive permissions, so they did not steal data and functioned as straight subscription scams that relied on deceptive marketing and fake notifications.
- Operators accepted money through Google Play billing, third‑party payment apps, and embedded card forms, with Google cancelling Play‑billed subscriptions and other payers needing to seek refunds through their banks.
- Indian users were hit hardest, with many apps preset to the +91 code and supporting UPI payments, and researchers urge users to cancel any suspicious subscriptions and avoid apps that claim to access someone else’s private records.