Anyone with large amounts of bitcoin in self-custody should be using the passphrase feature IMO,
so they can't steal your bitcoin with just the seedphrase alone. It is your last line of defense.
It's not about using passphrase or any other extra security including multi sig, once you installed the fake apps, they can gain access into your smartphone.
the most dangerous way of downloading softwares has got to be from chrome
there would be extensions or apps that you can download from chrome and i would suggest for no one to try this because it can literally be anything damaging
i am surprised to see that apple has scam apps when they are known for being a secure one due to exclusivity but play store having fake apps is not surprising