Scam Android apps on Google Play got millions of downloads from a creepy pitch

Google Play is meant to be the safer place to get Android apps, however not each app on the shop deserves your belief, particularly when you’re looking for them out for probably nefarious functions. A newly detailed rip-off reveals how far a doubtful app can go earlier than it’s stopped, with 28 apps on Google Play racking up greater than 7.3 million downloads by promising entry to different folks’s name logs, SMS information, and WhatsApp name historical past.

ESET researchers detailed the rip-off in a WeLiveSecurity report, the place they collectively confer with the apps as “CallPhantom.” The apps differed in look, however the trick was the identical: you entered a cellphone quantity, paid to unlock the supposed communication information, and acquired faux knowledge in return.

The researchers discovered that some apps generated random cellphone numbers and paired them with names and name particulars already embedded within the code. Others requested customers for an electronic mail handle the place the ‘retrieved’ historical past would supposedly be despatched. Both manner, ESET says the apps didn’t request intrusive permissions or have any actual skill to entry the requested knowledge.

Let’s not ignore the elephant within the room right here. No person deserves to be scammed, however that is an uncommon case the place the bait itself was fairly doubtful. The apps weren’t promising cheaper wallpapers or a higher climate widget — they claimed to supply entry to a different individual’s non-public communication historical past.

The fee facet additionally made issues messier. Some apps used Google Play’s official billing system, probably permitting some victims to say refunds. However ESET says others pushed customers towards third-party fee apps or direct card checkout varieties contained in the app. In a single case, when the customers tried to go away the app, it confirmed misleading alerts styled like new emails that claimed the decision historical past outcomes had arrived, then despatched customers again to a subscription display.

ESET reported the 28 apps to Google on December 16, and all of them had been eliminated from Google Play by the point the report was revealed. Whereas sideloading may get extra flak in the case of rip-off safety, we’re reminded that the Play Retailer can nonetheless give unhealthy apps a enormous viewers as soon as they slip by.