Are you sure that the app on your Android device is not a Trojan? - "Triout" spyware when repackaged with a valid version of the Android app keeps the appearance and feel of the original app and function exactly like it.

According to the researcher, Triout can perform many spying operations once it compromises a system, including:

• Recording every phone call, saving it in the form of a media file, and then sending it together with the caller id to a remote C&C server.
• Logging every incoming SMS message to the remote C&C server.
• Sending all call logs (with name, number, date, type, and duration) to the C&C server.
• Sending every picture and video to the attackers whenever the user snaps a photo or record video, either with the front or rear camera.
• Capability to hide itself on the infected device.

https://thehackernews.com/2018/08/android-malware-spyware.html