It's not about using passphrase or any other extra security including multi sig, once you installed the fake apps, they can gain access into your smartphone.

The most important thing is hold large amount of coins in hardware wallet or air-gapped wallet, not in hot wallet. Also don't save every password or any secret information in your smartphone.