Isn't that more reason to go to your bank's website: to download the apk and then verify the hash of the downloaded apk before installing it? That would make me way more comfortable than the current system of "pray this app on the play store is actually my bank's".