>The app is much more secure especially on iPhone or modern androids with crypto enclave or what ever it is called. With that even if a customer installs malicious app and grant it a lot of permission, the bank app can still be unaffected.
"crypto enclave" isn't a silver bullet that magically prevents you from getting hacked. it might keep your signing keys from being divulged, but if the attacker has root access (or jailbroken), there's nothing preventing the attacker from getting the enclave to sign whatever request it wants. at the very least it can corrupt the legitimate app's memory to force it to make a transfer.
the security comes from sandboxing, not secure element/enclave.
"crypto enclave" isn't a silver bullet that magically prevents you from getting hacked. it might keep your signing keys from being divulged, but if the attacker has root access (or jailbroken), there's nothing preventing the attacker from getting the enclave to sign whatever request it wants. at the very least it can corrupt the legitimate app's memory to force it to make a transfer.
the security comes from sandboxing, not secure element/enclave.