The web has a secure storage standard and OAuth + MFA is just as secure as anything your bank could cook up in an app. In fact, I'd be shocked if banks did a better job of security in their apps vs what browsers and standard auth flows provide.
Banks just like selling the idea that "if it's encrypted, it's secure". But trust me when I say this, bank security across the board absolutely sucks. The company I work with does financial data ingest and... yeah... There's more than a few institutions where we had to pull teeth to get them to send stuff through an encrypted transport (SFTP, for example, they want to just use FTP).
That is sensible. In sweden there's 1 single app to authenticate yourself. Strictly speaking the bank does work without, but A LOT of other stuff doesn't, making life very hard.
I think they meant that if there is a single identity app you should petition your government to require it to run on any mobile phone rather than require one or two American companies to dictate what it can run on. Or better yet, allow people without mobile phones to also be able to rent apartments.
BankID was working just fine when I was experimenting with LineageOS without Google apps (incidentally, on a Motorola phone) last year. It is something I worry about though, seeing as they could easily stop that from working and there's no real alternative.