Name and shame
I really think these people need to get over the idea of not naming companies that are absolutely failing.
"Hey, there's some number of mobile banking apps that are horrible! However, we're not going to tell you which ones; good luck!"
If you really want this fixed, then name them. I guarantee you if the First National Bank of XYZ's name shows up on a list of Insecure Apps then they will move heaven and earth to fix it. And, please, don't tell me that naming them will cause hackers to jump all over it. Guess what - the hackers already know which ones are bad. The only people who don't are the customers.
Basically - without that information, everything else in this article is meaningless.