If someone sent an APK through WhatsApp and you now need to file a complaint, the useful proof is not just one screenshot. A strong complaint connects the sender, file, permissions, device activity, bank or account alerts, and the order in which everything happened.
Preserve enough proof to show who sent the APK, what it asked for, what the phone allowed, and what harm followed.
Do not enter OTPs, UPI PINs, passwords, or card details on a phone that may still have a suspicious app or remote access risk.
This guide is written for practical evidence organization after a WhatsApp APK scam. It is not legal, police, bank, forensic, or recovery advice.
If money moved recently, an account was taken over, identity documents were exposed, or the phone may be compromised, use the relevant official bank, wallet, platform, 1930, cybercrime.gov.in, police, or cyber cell route.
Proof matters, but a compromised phone can keep causing damage. If there are debit alerts, login alerts, OTP requests, SIM/KYC messages, or screen-control signs, stop using that phone for sensitive actions.
Do not install another file, approve UPI collect requests, share OTPs, scan QR codes, open more links, or follow the sender's "verification" steps.
For banking, passwords, account recovery, and complaint filing, use a second trusted device or an official channel you open yourself.
Capture the sender number, profile, APK message, file name, link, permission screens, bank or account alerts, and exact timeline.
For recent financial loss, contact the bank or wallet provider quickly and use 1930. Use cybercrime.gov.in for the formal complaint record.
The most useful proof answers four questions: who sent the APK, what file or link was used, what device permissions or access changed, and what financial or account event followed.
Do not delay urgent bank or 1930 reporting just because one screenshot is missing. File quickly where money is involved, then keep adding organized proof through the official route when available.
ScamScan is not an official government, police, bank, wallet, telecom, platform, or recovery service. It helps you organize risk signals and evidence before using official routes.
Exact menus vary by Android version and phone brand. When in doubt, use official support from the device, bank, wallet, or account provider.
Do not type banking credentials, OTPs, UPI PINs, passwords, recovery codes, or card details on the suspected phone until the app and account risk are handled.
If safe, capture app name, APK file name, source chat, download link, install time, icon, and permissions before uninstalling. Do not keep the app active just to gather more proof.
Look for Accessibility, SMS, notification access, overlay/display over other apps, device admin, VPN, contacts, files, camera, microphone, and unknown-app install permission.
Run Play Protect or the phone maker's security scan, update Android and apps, remove suspicious apps, and revoke permissions. Keep screenshots of alerts if they appear.
From a trusted device, change exposed passwords, revoke sessions, log out unknown devices, reset UPI or app PINs where needed, and contact providers for suspicious activity.
WhatsApp number with country code, profile name/photo, group name, invite link, admin name, call logs, voice note references, and the first message that introduced the APK.
APK filename, file size if visible, message attachment, download URL, shortened link, website page, QR code, app icon/name, and any warning screen the phone showed.
Installed-app screen, permission screen, Accessibility/SMS/notification/overlay/device-admin settings, Play Protect warning, and uninstall or disable action if completed.
Debit SMS, bank statement line, UTR/reference, wallet or UPI receipt, card alert, login alert, password reset email, SIM/KYC message, or new device login notice.
Bank or wallet ticket, card block number, platform report, 1930 complaint ID, cybercrime.gov.in acknowledgement, police/cyber cell reference, and every follow-up date.
Keep the summary factual and short. Do not guess intent, do not add private secrets, and do not rewrite the amount or time differently across bank, 1930, portal, and platform follow-up.
| Field | What to write | Proof to attach |
|---|---|---|
| First contact | Date, time, WhatsApp number, profile or group name. | Full chat screenshot with sender visible. |
| APK request | What the sender claimed the APK was for and what they asked you to do. | Message, file attachment, URL, QR, or website screenshot. |
| Device event | Install time, permissions granted, warning seen, suspicious phone behavior. | App info, permissions, Play Protect/security alert, uninstall proof. |
| Financial or account event | Amount, date/time, UTR/reference, debit alert, login alert, or account change. | Bank/wallet proof, SMS, email alert, statement line, ticket ID. |
| Official follow-up | Bank call/ticket, 1930 ID, cybercrime.gov.in acknowledgement, platform report. | Complaint screenshot, email/SMS acknowledgement, status page. |
Use ScamScan to organize the case. Use official routes for action. For active financial fraud, speed matters: contact the bank or wallet provider quickly, use 1930, and keep the cybercrime.gov.in complaint trail consistent.
Open bank, wallet, email, and key accounts from another phone or computer if the APK phone is suspicious.
Contact your bank or wallet provider for recent debits, card exposure, UPI risk, or account changes. Save every ticket or reference number.
Save sender, APK, permissions, alerts, transaction details, complaint IDs, and a short timeline in one folder or note.
Use 1930 for recent financial fraud and cybercrime.gov.in for the formal complaint trail. Report/block the WhatsApp sender after preserving proof.
Save proof that connects the sender, APK file, device permissions, timeline, and any money or account event. Keep the WhatsApp number, profile, chat, file name, download link, permission screens, bank alerts, UTR or transaction reference, and complaint IDs if already filed.
If there is active money or account risk, prioritize containment and official help. If it is safe to do so, record the app name, file source, permissions, and install time before uninstalling. Do not keep using the suspicious app just to collect more proof.
Avoid entering passwords, OTPs, UPI PINs, or banking details on a phone that may be compromised. Use a trusted second device or official bank channel to block cards, change passwords, revoke sessions, and report recent transactions.
For recent financial fraud, contact your bank or wallet provider quickly and use the 1930 helpline. Use cybercrime.gov.in for the official complaint trail. You can also report and block the sender inside WhatsApp, but that is separate from bank, police, or government reporting.
Write the first contact date, WhatsApp number, APK name or link, what the sender asked you to do, permissions granted, money or account event, transaction details, bank or platform ticket, and current status in order.
No. ScamScan is not a government, police, bank, wallet, telecom, platform, or recovery service. It helps organize risk signals, evidence, and next steps before you use official routes.
Do not pay recovery, unlock, verification, tax, complaint-processing, or refund-release fees to random callers, WhatsApp helpers, or accounts introduced by the scammer. Save the demand as evidence.
Do not share OTP, UPI PIN, CVV, full passwords, recovery codes, private keys, full identity documents, or remote access with anyone claiming to verify the APK scam. Official portals and providers should be opened by you directly.