Agree. Fake android app is a big problem. Will mentioned several times that Damus does not have an android app. But new people may not know that.

I think the real solution to this is have key delegation and do not use master private keys on app or web.