...In essence, the device we use does not have a problem whether Android or iOS or others, the problem starts from downloading the wrong wallet
Nah, it's not as simple as you describe. Even if you download the actual official wallet and verify PGP signature and keep your mobile from installing multiple apps still you are exposed to internet, as long as the device is connected to internet you are prone to hacks in one or another way. Which is why the recommended way to store crypto assets, is cold storage it can be a device or hardware wallet but should be isolated from internet forever, the moment it connect to internet the security could be compromised.
I have two wallets that I use, namely cold wallet and Ht wallet to store the assets that I have, as long as we do not do strange activities with the internet or use wallets that store assets for other activities such as testnet or others in any transaction on web3 then I think it is better for us to use different wallets, I know some people use wallets as a place to store them but they are also actively transacting on web 3 that is the wrong action because there is a lot of fraud in various events on web3, it depends on us in treating the wallet. Likewise, Cold wallets or hardware are the same if you often use them without paying attention to the security of your own activities.