Daily Guardian UAEDaily Guardian UAE
  • Home
  • UAE
  • What’s On
  • Business
  • World
  • Entertainment
  • Lifestyle
  • Sports
  • Technology
  • Travel
  • Web Stories
  • More
    • Editor’s Picks
    • Press Release
What's On

Meta’s detection tool fails to identify photos generated by its own Muse Image AI

July 11, 2026

This app turns your text and voice messages into living AI characters

July 10, 2026

XREAL’s $299 AR glasses are finally here, and they could be a great travel companion

July 10, 2026

Why Window-Mounted Fresh Air Systems Are Gaining Attention Among Renters 

July 10, 2026

From Sensors to Decisions:Why Modern Defense Begins at the Edge

July 10, 2026
Facebook X (Twitter) Instagram
Finance Pro
Facebook X (Twitter) Instagram
Daily Guardian UAE
Subscribe
  • Home
  • UAE
  • What’s On
  • Business
  • World
  • Entertainment
  • Lifestyle
  • Sports
  • Technology
  • Travel
  • Web Stories
  • More
    • Editor’s Picks
    • Press Release
Daily Guardian UAEDaily Guardian UAE
Home » Fake stalking apps racked million of downloads. It says a lot about Google’s security and us
Technology

Fake stalking apps racked million of downloads. It says a lot about Google’s security and us

By dailyguardian.aeMay 9, 20264 Mins Read
Share
Facebook Twitter LinkedIn Pinterest Email

There is no app that lets you pull up someone else’s call history. There never has been, and there almost certainly never will be — carriers don’t expose that data, and no third-party developer has the access required to retrieve it. This is not a grey area; it is simply not possible. And yet, 7.3 million people, according to welivesecurity have downloaded apps that claimed to do exactly that.

Security researchers at ESET spent months untangling a sprawling family of 28 fraudulent Android apps they collectively dubbed CallPhantom — apps that promised users a window into anyone’s phone activity: call logs, SMS records, even WhatsApp history. Enter a number, pay a small fee, and the secrets of whoever you were looking up would supposedly come spilling out. What actually came out was fiction — random phone numbers dressed up with hardcoded names and timestamps, generated by the app itself, designed to look just convincing enough to seem real. The payoff is that users only saw this fake data after they’d already paid. That sequencing wasn’t accidental.

Google Play Store had a serious blind spot here

All 28 apps sat on the Google Play Store long enough to accumulate millions of downloads. One of them was published under the name “Indian gov.in,” a developer handle implying government legitimacy it had no right to claim. Several had review sections full of users explicitly writing that they’d been scammed, and those warnings coexisted with clusters of suspiciously enthusiastic five-star reviews that kept the ratings looking respectable.

ESET flagged the full set to Google in December 2025, and the apps were removed. But the removal came from an external report, not from Google catching something itself. For a platform that has invested heavily in automated threat detection and the App Defense Alliance framework, letting 28 variants of the same scam — all promising the same technically impossible feature — accumulate millions of downloads is a significant gap.

Some apps made things worse by bypassing Google’s payment infrastructure entirely, routing users to third-party UPI transactions or to direct card entry fields embedded in the app. That’s a violation of Play Store policy, but it also means Google can’t issue refunds to those users. Anyone who paid outside the official billing system has to chase down the payment provider themselves, or the developers, who, it goes without saying, are not particularly motivated to help.

The apps worked because the pitch was irresistible

The more uncomfortable part of this story is what drove 7.3 million downloads in the first place. These apps didn’t offer cloud storage or a new way to edit photos. They offered something people actually wanted badly enough to pay for: the ability to spy on someone — a partner, an ex, a teenager, or a business contact. Whatever the reason, there was clearly a large and willing audience for the idea.

The apps leaned into that desire with ruthless precision. They preselected India’s +91 country code by default and supported UPI payments, which signals that the scammers understood their target demographic well. Subscription tiers ranged from a few euros per week to $80 a year, giving users options that felt like a legitimate service and catered to different needs. One app, when a user tried to exit without paying, sent a fake push notification styled to look like an email had just arrived with the results — a last-ditch nudge that led straight back to the paywall.

File, Text

It worked because curiosity is a powerful thing, and the apps were designed by people who understood that. Strip away the technical scaffolding and what you have is a very old scam: charge someone for something they desperately want, give them a plausible-looking nothing, and count on embarrassment to keep them from complaining too loudly.

For anyone caught up in this, subscriptions processed through Google Play’s official system can be canceled — and potentially refunded — through the Play Store’s payment settings. Everything else is a harder conversation with whoever processed the payment.

Share. Facebook Twitter Pinterest LinkedIn Tumblr Email

Keep Reading

Meta’s detection tool fails to identify photos generated by its own Muse Image AI

This app turns your text and voice messages into living AI characters

XREAL’s $299 AR glasses are finally here, and they could be a great travel companion

Why Window-Mounted Fresh Air Systems Are Gaining Attention Among Renters 

Meta’s addictive Instagram and Facebook design could lead to billions in fines and a forced redesign

Spotify just gave Release Radar new controls so you can find new music your way

My old Pixel keeps getting AI features Apple wants a newer iPhone for

You can now check if a Google ad was made using AI

Android can now back up more of your phone, but Google is also letting you say no

Editors Picks

This app turns your text and voice messages into living AI characters

July 10, 2026

XREAL’s $299 AR glasses are finally here, and they could be a great travel companion

July 10, 2026

Why Window-Mounted Fresh Air Systems Are Gaining Attention Among Renters 

July 10, 2026

From Sensors to Decisions:Why Modern Defense Begins at the Edge

July 10, 2026

Subscribe to News

Get the latest UAE news and updates directly to your inbox.

Latest Posts

Meta’s addictive Instagram and Facebook design could lead to billions in fines and a forced redesign

July 10, 2026

The Happy Meal Has Grown Up: Couqley Launches Its New Adult Happy Meal

July 10, 2026

Spotify just gave Release Radar new controls so you can find new music your way

July 10, 2026
Facebook X (Twitter) Pinterest TikTok Instagram
© 2026 Daily Guardian UAE. All Rights Reserved.
  • Privacy Policy
  • Terms
  • Advertise
  • Contact

Type above and press Enter to search. Press Esc to cancel.