We need a European vendor or organ or consortium taking up Android or Graphene or whatever and stamping a cert on phones allowed to run bank apps, after which banks (etc.) have to support those phones. And/or having to offer all functionality in the app(s) also in mobile web, but having users who want to use that requiring an OTP (or so) hardware token. I would be in favour of having the latter no matter what; now I can do this with my bank, but it doesn't offer the same as the mobile app and the site is not mobile optimised either.