Security of banking shouldn't depend on the client software, it should be enforced at the interface the clients use to talk to the bank. It shouldn't matter whether the banking app can be disassembled or not. As much as I detest browser-based authentication in general online banking websites got it right: you just use a browser (and it's in your best interest to use a trusted browser -- one trusted by you) but all the bank cares about is that the user has the necessary pieces for authentication, be it numerical codes, passwords, and 2FA tokens. The browser doesn't have to be a bank-signed edition of MS Edge, it can be Firefox or even a browser you wrote yourself. But a banking app is basically a black box that you would have to allow to run in your system in order for the bank to talk with the software the bank itself trusts.