How those phishing apps are even allowed into the store in a first place, don't they have to get some sort of ok from the playstore before being published?
Things like this have happened a lot. Several other phishing applications have also appeared on Google Play (
[WARNING] Fake Ledger Live app on Play Store). Therefore, you should not immediately trust the applications on Google Play. Find out first the information about the application.
Personally, if possible, I usually use the direct application link provided from the original developer's website. So when directed to Google Play, the app must be genuine. There is currently no Trezor application download link that refers to Google Play or the App Store on the Trezor website. Unlike the Ledger, which already has the Ledger live application for smartphones, the Ledger website provides direct links to Google Play and the App Store for the application (
https://www.ledger.com/ledger-live/download).