I don't have any banking apps on my phone, and don't use it to log into banking websites.
The phone has a pin, and will wipe itself if an incorrect pin is entered too many times. I can also remotely wipe the phone.
Banking websites all have two factor authentication enabled tied to an authenticator app which is on my phone. So I need the bank password, and my phone, and my phone pin to access it, and the one time authentication code from the authentication app.
I only log into the banking websites from my house, over a secure network, only using specific computers that only I have access to which aren't used for gaming, web surfing, etc, which have anti-virus software installed.