Transcript for How to protect your smartphone from fake apps
Back now with that frightening headline about fake apps. More than a million phones vulnerable to potential hackers this week after people downloaded a fake version of a popular messaging app and it turns out this happens more often than you may think. Gio Benitez is here with more. Good morning, gio. Reporter: Good morning. We're talking about nearly 3.5 million fake malicious apps out there at any time that hackers can use to see everything you do on your phones. The latest app was disguised as the popular whatsapp and Google removed it and suspended the developer. As you're about to see, the risk is very real. We're inside a coffee shop in Washington, D.C. With a group of young people who have no idea that some of them are about to be hacked. Here we go. Reporter: Here's why, just this September a massive breach made headlines. One of the biggest outbreaks ever. Reporter: Hackers introduced 50 malicious apps also known as doppelgangers, fake apps that mirror the real thing into the Google play store. Then millions of unsuspecting android users download the bad apps, a total of 4.2 million times. One of those apps disguised as a seemingly simple app called lovely wallpaper. You don't realize it's a fake. So if you download a nasty version of minecraft, for example, you actually seem to get minecraft and it seems to work but in the background the attackers are able to access your information. Reporter: James line is a cybersecurity expert at sophos and gave android phones to all of our volunteers as part of our demonstration. We told them to use the phones as they normally would. What they don't know is James has already installed a malicious app on the phones. Now watch with the group sitting in another part of the coffee shop. We can retrieve their tech messages. There it is. Hey, it's me, stunning. There's a little emoji. Reporter: Next James triggers one of their cameras. He will have no idea the camera is just activated and there's a photo of one of our users. Hi, guys. Reporter: It turns out every one of our volunteers had signed into their social media accounts. Did anyone notice anything strange happening on your phones. Not realizing James had stolen all of their passwords. The person should have noticed something going on was you. Oh, was that -- did you take that of me while I was on my phone? Reporter: While you were 0 the phone. This is the selfie cam. That's scary. Reporter: We decided to up the ante with one of the students taking him outside. He had no idea that inside the coffee shop -- Tracking him now and can see where he is. Reporter: James was live streaming his camera and pinpointing his location. He has access right now to this. Oh, no. James can even control his text messages. What is this? Hey, can you send me your password. I didn't text that. You didn't. It says you did. Reporter: James says someone doesn't even have to be on their phone to be hacked. Even when you weren't using the phone, we still got a picture of you. Oh, what? How? So the phone was just sitting there on the table looking right up at you. Reporter: Experts say the danger is far greater than just a stolen selfie. Once inside the criminals into your phone they can access user names and password, credit cards. Basically to be able to profit from your device without you knowing. Reporter: And Google tells us it has been tracking this particular malware for months and it's constantly removing bad apps from the playstore and added to its review proceed Sures but the company says it relies on the communities of users and developers to watch and find those ma wlishs app. I'm watching that. I'm so scared. I want to go back to a land line but what should people do if you already have been hacked? It's not enough to change your password. It's not enough. Once the hacker is in, the hacker is in. So really if you think you have a bad app you have to delete it and then you have to wipe your phone. You have to restore it but when you're looking at those app store, you want to make sure you're looking at the company, the developer of that app. Make sure it's a legitimate company and then download it only if you know it's legit. Wow. Thanks, gio. That was very, very informative. It sure was.
This transcript has been automatically generated and may not be 100% accurate.