I prefer browser(web)-based banking apps which work well on a phone UI without the info-access creep.

UBank (NAB subsidary) and Wise (not a bank) both support passkeys for login in the browser. Most other banks here seem to have regressed from hardware tokens to SMS codes or proprietary apps for their MFA.

Passkeys are only as secure as your passkeys – I use Bitwarden with master password re-prompt checked for bank credentials, but I should probably switch to a hardware based passkey (at least for unlocking Bitwarden itself).

The phone apps are sometimes required to do some things (like managing passkeys for UBank, verifying ID in Wise). They work on LineageOS without the google stuff, but might be worth installing only temporarily in a separate profile or phone.

Retail payments – just use a physical card if you’re not using cash.

For westpac I just login on a browser on my phone, so no app downloaded

I have ANZ here in NZ and can use them in AU as well. The only permission I allow them is notifications.

I’m using boq and up, for ethical reasons, but I haven’t looked into their privacy or compatibility.

I use Commonwealth Bank. It works fine on GrapheneOS, no popups.

You could always just use the browser version of the banking app.

Bank Australia is the bank you should probably use, regardless of the app situation, since it’s not for-profit (I haven’t switched because I’m waiting for Visa and Mastercard to differentiate themselves on censorship (not that I actually care about the issue)).

What bank asks for those permissions? Just so I know to avoid them.

Not Australia here but I use Native Alpha to create a webapp version of things that I dont want the invasive apps of but that have good browser options, like my bank.