When people shop for mobile device apps on Apple’s App Store or the Google Play store, they might forget that some of them could be fake and could affect them greatly.

Cyber criminals create fake apps to take control of users’ devices, most likely to steal money. While stealing money is bad enough, there are other dangerous reasons why people should be vigilant when downloading apps.

Gabriel Wood from the consumer information site NextAdvisor told International Business Times about other ways fake app downloads can affect users and what to do when a counterfeit application is downloaded.

“Some fake apps will just put ads all over your device, but others can take pictures through your camera, send out premium-rate text messages or steal your personal information,” said Wood. “They can even download other malicious apps in the background to expand their attack options.”

Hackers could also steal a person’s identity through a fake app, which could lead to major headaches.

The fake applications aren’t always some suspicious looking apps hidden in a store under a weird name. They can also resemble popular apps like WhatsApp and Pokémon Go.

Last month, a fake version of WhatsApp on the Google Play Store racked up more than 1 million downloads before Reddit users pointed out that it was a counterfeit app. The fake app, listed under the name “Update WhatsApp Messenger,” was plagued by ads and other malicious code that tried to use a person’s device to make money for those who created it. The counterfeit app was taken down after it was reported to Google.

“Before that, fake versions of social media apps such as Facebook Messenger, games such as Pokémon Go and shopping apps for brands such as Foot Locker and Nordstrom have appeared on both the App Store and Google Play,” said Wood. “If there’s an app with a lot of downloads, chances are good that someone has tried to capitalize on its success by making a fake version of it.”

How To Spot A Fake App

While fake apps could resemble popular apps like WhatsApp and Messenger, the counterfeit versions often have red flags, Wood said. Here are some signs users should look out for when downloading apps.

Grammar

Users should make sure the title of the app and the developer’s name are spelled correctly, Wood advised. Shoppers should always read the app’s description and make sure it doesn’t include typos or broken English. Bad grammar could indicate that the app is counterfeit, since many fake app developers tend to be non-native English speakers, Wood said.

Download Numbers

Users should also look at the app’s download count. If the numbers are too low, that means the app is fake. That was the case with the fraudulent WhatsApp version, which had 1 million downloads. Although those are a lot of downloads, it’s not as high as the real app which has more than 1 billion downloads.

Permissions

People can also see if they have downloaded a fake app by looking at its permissions. Fake apps tend to ask for more permissions than real ones usually do, so they can get more control over a user’s device.

“For example, if you download a shopping app and it asks for permission to access your camera, contacts and SMS messaging, that may indicate that the app has hidden, possibly malicious features,” said Wood. “Be especially careful with any app that asks for the administrator permission, as this gives the app the ability to do really nasty stuff like change your password, encrypt your storage and make itself undeletable.”

What To Do If You Download A Fake App

If a person ends up downloading a fake app they should immediately delete it, Wood said. However, malicious apps could try to protect themselves from being disposed of by making their icon and title invisible.

“If you don’t see the fake app on your device, go to your installed apps page and look for blank spaces where it may be hiding,” said Wood. “For fake apps that you can’t remove, either because they have administrator permission or because you can’t find them, the safest option is to wipe your device’s memory and start from scratch.”