Google removes 28 fraudulent CallPhantom apps from Play Store

3 articles · Updated · We Live Security · May 7

The apps, reported by ESET, had more than 7.3 million downloads, mainly targeted users in India and Asia-Pacific, and charged up to $80 for fabricated call, SMS and WhatsApp logs.
Researchers said some apps bypassed Google Play billing through UPI or in-app card payments, making refunds harder, while others used deceptive notifications to push users into subscribing.
Google cancelled existing subscriptions bought through Play after the removals, but users who paid outside its billing system must seek refunds from payment providers or developers.

How did a fake spy app on Google Play trick 7 million users into paying through India's secure UPI system?

With Google's AI scanning 350 billion apps daily, how did this massive scam go undetected for so long?