This is concerning in itself. However, basic #OPSEC dictates that banking and KYC-related applications should be isolated from the rest of a user’s activity.

On Android and GOS, this can be achieved by installing banking and KYC apps in a separate user profile or private space. This provides strong isolation at the application and data level: apps in one profile cannot see, query, or interact with apps or data in another profile.

From a networking perspective, profiles do not automatically get different IP addresses. However, separating activities into different profiles greatly simplifies network separation: each profile can run its own VPN configuration. While split tunneling can be used within a single profile, maintaining distinct profiles makes it much easier and cleaner to enforce that KYC/banking apps always route traffic through a specific VPN, while non-KYC apps use a different VPN or the clearnet.

With this setup, a banking app cannot inspect or interfere with apps outside its own profile, and its network traffic can be consistently routed through a dedicated egress. This reduces app-level cross-referencing and limits both behavioral and network-based fingerprinting.

nostr:nevent1qqsft92rvp7mw784zavzprz36kce9guhjll79t56tta7gz9e8mv7mkqpz4mhxue69uhhyetvv9ujuerpd46hxtnfduhsyg8u7u9ytnagzl42syaeh29rwht385ckna9z0u7u4s75jyfd7e7n0cpsgqqqqqqsx7ahvt
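
The app-placement half of this setup can be checked from a workstation. The script below is an added example, not part of the original note: it parses `pm list users` and `pm list packages -3 --user <id>` output and reports sensitive packages found outside the dedicated profile, plus unrelated third-party packages inside it. The package names, user ids and sample output are constructed, and `AUDIT_LIVE` is a hypothetical switch for querying a device over adb instead of the embedded sample.

```shell
#!/bin/sh
# Profile-isolation audit (added example). Package names, user ids and the
# sample output below are constructed. Set AUDIT_LIVE=1 (hypothetical switch)
# to query a connected device over adb instead of the embedded sample.

list_users() {
  if [ "${AUDIT_LIVE:-0}" = 1 ]; then adb shell pm list users; return; fi
  printf 'Users:\n\tUserInfo{0:Owner:c13} running\n\tUserInfo{10:KYC:410} running\n'
}

# Third-party packages (-3) installed for one user id.
list_packages() {
  if [ "${AUDIT_LIVE:-0}" = 1 ]; then adb shell pm list packages -3 --user "$1"; return; fi
  case "$1" in
    0)  printf 'package:org.example.browser\npackage:com.example.bank\n' ;;
    10) printf 'package:com.example.bank\npackage:com.example.kyc\npackage:org.example.chat\n' ;;
  esac
}

# Extract numeric user ids from "UserInfo{<id>:<name>:<flags>}" lines.
user_ids() { sed -n 's/.*UserInfo{\([0-9][0-9]*\):.*/\1/p'; }

# audit <dedicated-user-id> <sensitive-package>...
# Prints one finding per line; prints nothing when the separation holds.
audit() {
  dedicated=$1; shift
  for uid in $(list_users | user_ids); do
    for pkg in $(list_packages "$uid" | tr -d '\r' | sed 's/^package://'); do
      sensitive=no
      for s in "$@"; do
        if [ "$s" = "$pkg" ]; then sensitive=yes; fi
      done
      if [ "$sensitive" = yes ] && [ "$uid" != "$dedicated" ]; then
        echo "OUTSIDE user=$uid pkg=$pkg"   # sensitive app outside the profile
      elif [ "$sensitive" = no ] && [ "$uid" = "$dedicated" ]; then
        echo "EXTRA user=$uid pkg=$pkg"     # unrelated app inside the profile
      fi
    done
  done
}

audit 10 com.example.bank com.example.kyc
```

This covers app placement only; which VPN each profile uses still has to be verified in that profile's own settings.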
