Anyone with some expertise on this topic, please advise. If I use all this in a smartphone browser, rather than separate apps, is this vulnerability not a concern? I.e., instead of the bank's app, I should just use the web version in the browser, etc.
The best way to control this is to have separate browser for this and enable split tunneling in the client of your choice and exclude it from the VPN/Proxy connection.