You would be trading one kind of "shit" for a much more real and serious kind of shit - at the new bank, you'd either be more likely to get your account drained in ways that are hard to reverse, or you'd be forced back to using dedicated hardware smartcard readers of the type that were common before mobile apps became widely used (at least they were common in Europe).
If your bank account gets drained and you'd made a big song and dance about how you selected that bank specifically because it had less security on its mobile app, well, nobody will have any sympathy for you.
If your bank is equally secure but uses dedicated hardware devices instead of smartcard readers, then all you did is swap one bit of secured hardware for another, making your life less convenient and in return for what?
A bank has to know it's communicating with the real human who owns the account and not a hacker. It's going to achieve that one way or another. You'd be much better off accepting the tech and finding ways to achieve your goals within it, like by setting up a project to maintain whitelists of known good/secure OS builds. You can then make libs that wrap SafetyNet and eliminate the false positives. Even if banks don't start using it anytime soon, other smaller companies might and it's a place to start. Of course the fact that virtually nobody cares about custom operating systems to begin with is the biggest hurdle you'd face, not the tech or business requirements, but that is partly on the OS developers. You can't complain nobody cares about it if you're not giving anyone a reason to care.
You use the word “forced” like it’s a problem? I hated it when my bank got rid of a nice secure card reader (which required my physical card and PIN).
If my phone breaks or is stolen, I can’t actually buy a replacement phone now, as that requires spending money, which requires 2FA which requires my phone.