Re: Best security practice
Don't use a banking app on Android in the first place.
Every sane OS is patched at least monthly, if not more often as bugs and security holes are found. Most phones one per year if you are lucky for core OS parts, occasionally more often for app and that often asks for more permissions.
I don't know where you're getting your info from. I've got a Motorola which received an update to Lollipop and then later Marshmallow. I still regularly receive updates to Marshmallow. The OS also gives me granular control over app permissions; I don't have to allow everything to install an update.
I'd say modern Android is a pretty secure OS. Of course you're much more likely to get pwned if you're browsing porn sites with it or installing apps from warez.cn but that's true of any OS. Even if someone does gain control of your phone I don't understand your fear of banking apps. The most any attacker would be able to do is view your balance or transfer money to a pre-approved list of recipients. You need to use a separate card reader to authorize anything else.
To be honest your post is another example of the self-congratulatory Luddite circle-jerk that seems to happen far too often on these forums.
"Kids using banking apps? Pah! When I was their age we had to walk FIFTEEN miles, uphill, both ways, just to find the bank was closed!"