No application exists that allows you to access another person’s call history. This has never been possible, and it is highly unlikely to ever be allowed — telecommunications carriers do not share this data, and third-party developers lack the necessary permissions to access it. This is not a matter of interpretation; it is technically impossible. Nevertheless, 7.3 million users according to welivesecurity installed applications that claimed to perform exactly this function.
Security analysts at ESET dedicated months to unraveling a large network of 28 deceptive Android applications collectively named CallPhantom — apps that promised users access to any phone’s activity: call logs, SMS records, and even WhatsApp history. Users were instructed to enter a number and pay a small fee, with the promise that the secrets of the target would be revealed. In reality, the output was fabricated — random phone numbers combined with hardcoded names and timestamps, generated by the app itself to appear convincing. The critical detail is that users only viewed this fabricated data after making a payment. This sequence was deliberate.
Google Play Store Exhibited a Major Oversight in This Case
All 28 applications remained on the Google Play Store for an extended period, amassing millions of downloads. One application was published under the name “Indian gov.in,” a developer handle suggesting government affiliation that it did not possess. Several apps featured review sections containing explicit user complaints about being scammed, yet these warnings coexisted with clusters of suspiciously positive five-star reviews that maintained respectable ratings.
ESET reported the complete set to Google in December 2025, resulting in the apps’ removal. However, the removal was triggered by an external report rather than Google’s own detection systems. For a platform that has invested significantly in automated threat detection and the App Defense Alliance framework, allowing 28 variants of the same scam — all advertising the same technically unfeasible feature — to accumulate millions of downloads represents a notable vulnerability.
Some applications exacerbated the situation by circumventing Google’s payment infrastructure entirely, directing users to third-party UPI transactions or to direct card entry fields embedded within the app. This violates Play Store policy but also means Google cannot issue refunds to those users. Anyone who paid outside the official billing system must pursue reimbursement through the payment provider or the developers, who, unsurprisingly, are unlikely to assist.
The Apps Succeeded Because Their Offer Was Highly Compelling
The more unsettling aspect of this incident is what drove 7.3 million downloads initially. These apps did not provide cloud storage or innovative photo editing tools. Instead, they offered something people were willing to pay for: the ability to monitor someone — a partner, an ex, a teenager, or a business associate. Regardless of the motivation, there was evidently a substantial and receptive audience for this concept.
The applications exploited this desire with calculated precision. They preselected India’s +91 country code by default and supported UPI payments, indicating that the scammers had a clear understanding of their target demographic. Subscription plans ranged from a few euros per week to $80 annually, offering options that felt legitimate and catered to various needs. One application, when a user attempted to exit without paying, sent a fake push notification designed to resemble an email containing results — a final attempt to push users back to the paywall.
WeLiveSecurityIt succeeded because curiosity is a potent force, and the developers understood this well. Beneath the technical facade lies a classic scam: charge users for a highly desired feature, deliver a plausible-looking void, and rely on embarrassment to prevent widespread complaints.
For those affected, subscriptions processed via Google Play’s official system can be canceled — and potentially refunded — through the Play Store’s payment settings. All other payments require contacting the respective payment processor directly.