Sparrow is a legit bitcoin wallet, but it is a desktop-only wallet. There is no mobile version of it.
So if you find one in the Apple or Play store you know it is a fake.
One thing we need to know is that scam applications aren’t regulated there except maybe there are many scam reports by users and it is taken down, and one key method that scammers use to evade this is by using many Apple or Play Store accounts to give good reviews about the application. So most of the time it is best you do your own research.
Just like for instance in this case, simple research would have actually let the victim know that the wallet doesn’t support a mobile app for now, the same way there is no Electrum mobile wallet for iOS. Furthermore it is always best to verify the wallet after downloading to authenticate its authenticity, but many are too lazy to do that and that’s why we end up using scam wallets.
Do not get lured into downloading a wallet because of the reviews on the Play Store or Apple Store; those figures can be manipulated.
Anyone with large amounts of bitcoin in self-custody should be using the passphrase feature IMO,
so they can't steal your bitcoin with just the seedphrase alone. It is your last line of defense.
Passphrase does nothing here. Once you enter your seed phrase and passphrase into a wallet, a scam wallet would have the ability to see that seed phrase and passphrase and can then simply have custody of your wallet too; this is similar to clicking on a phishing site and signing in.
The only security that the passphrase has is that when stored at a different location from the seed phrase, if the seed phrase is compromised or stolen then the passphrase will be another layer to stop the hacker from accessing your wallet, but in this situation both phrases are given to the scammer, which stops nothing.
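The disagreement above comes down to how BIP39 turns the two secrets into one wallet seed. The sketch below is an added example, not part of any post in this thread: it derives the seed the way the BIP39 specification describes and checks which combinations of leaked secrets reproduce it. The mnemonic and passphrase are the public BIP39 test-vector values, and the function names are made up for this illustration.

```python
import hashlib
import hmac
import unicodedata

# Public BIP39 test-vector values (constructed sample; never use for real funds).
MNEMONIC = ("abandon abandon abandon abandon abandon abandon "
            "abandon abandon abandon abandon abandon about")
PASSPHRASE = "TREZOR"


def _nfkd(text: str) -> bytes:
    """BIP39 requires NFKD-normalised UTF-8 for both inputs."""
    return unicodedata.normalize("NFKD", text).encode("utf-8")


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """Seed = PBKDF2-HMAC-SHA512(mnemonic, "mnemonic" + passphrase, 2048 rounds)."""
    return hashlib.pbkdf2_hmac(
        "sha512", _nfkd(mnemonic), _nfkd("mnemonic" + passphrase), 2048, dklen=64
    )


def recovers_wallet(owner_seed: bytes, known_mnemonic: str,
                    known_passphrase: str = "") -> bool:
    """True if the secrets a third party holds derive the owner's exact seed."""
    candidate = bip39_seed(known_mnemonic, known_passphrase)
    return hmac.compare_digest(candidate, owner_seed)


def exposure_report() -> dict:
    """Compare the two leak scenarios discussed in the thread."""
    owner_seed = bip39_seed(MNEMONIC, PASSPHRASE)
    return {
        # Written seed phrase found or stolen; passphrase kept somewhere else.
        "seed phrase only": recovers_wallet(owner_seed, MNEMONIC),
        # Both typed into the same app: whoever runs it holds everything.
        "seed phrase + passphrase": recovers_wallet(owner_seed, MNEMONIC, PASSPHRASE),
    }


if __name__ == "__main__":
    for leaked, recovered in exposure_report().items():
        print(f"{leaked:26} -> wallet recoverable: {recovered}")
```

The seed phrase alone derives a different, empty wallet, while the pair typed together derives the funded one, so the passphrase only protects as long as it is never entered into software you have not verified.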