How those phishing apps are even allowed into the store in a first place, don't they have to get some sort of ok from the playstore before being published?
You can upload an application easily on the google play store they don't care too much about the duplicate and the security of the application also you only need is to pay a small amount to publish an application. Compare to iOs they always secured their users about the application will want to launch by the developer its better if we get the application on the reliable source not only by the google play top 1 on the chart always make our research. We are storing money to those application / IoT so still, we need to keep aware of this phishing apps.