Banking app - am I more secure with or without it?

Not sure whether this is the right area, but sure it will get moved if not.

Despite being forced to a screen for installing the banking app every time I log into my bank from my phone - I've always refused to install it. I just think that having a banking app on my phone which makes it easier to login - i.e. with fingerprint or whatever - just seems less secure.

However - although I am pretty tech savvy (I don't follow links from emails, I don't visit dodgy websites etc.) when I was logging into the bank last night I suddenly thought that maybe I'm kidding myself. At least the banking app would always go where it should, and presumably even if I did end up with some dodgy software on my phone / tablet monitoring my keypresses that wouldn't help with the banking app if it relied on my fingerprint?

So have I been kidding myself? Would my bank access actually be more secure via a banking app?

On paper the app will be slightly less secure. The app code is there on the phone to be tampered with, while the website code is kept on the server and the browsers are under huge amounts of scrutiny.

I wouldn't let that stop you using the app though.

Another point that might be relevant is that you can have multiple fingerprints registered to a phone, so anyone allowed to unlock the phone can access the banking app...

If your bank allows you to install a banking app on your phone, then you can be pretty confident it is ok to install that banking app on your phone, and if they are actively encouraging you to install it even more so. All the technical details aside, who has better security expertise and who has the most to lose? you or the bank?
Sure there might be some banking apps out there that have had poor security, especially in the early days of smart phones, but that is exactly the same for the websites.

This is about 1000% wrong

If your browser can be exploited then all of its protections are called into question, tls might be broken in some way but still made to look like it is working, or it might be working perfectly, but all the data isn't being intercepted as it is processed rather than in transit.

A major security benefit of controlling the software at both ends of a connection is that you control the authentication at both ends, this can be used to make it much harder to compromise data as it is transmitted.

In the world of secure phone apps this usually means you have a secure api and an app both with keys and certificates built in.
The app won't talk to an api that doesn't have the right keys, and the api won't talk to an app that doesn't have the right keys, that makes a man in the middle attack significantly more difficult when compared to a typical web app where the server typically has absolutely no way to validate it is talking directly to the end user.
On top of that, the certificates typically don't need to rely on public certificate authority, they can be deployed straight into the app, this eliminates a number of significant attack vectors, eg ca compromise or attacks against the local root certificate storage.

A major security benefit of having a purpose built secure app is that you can minimise potential attack vectors by not including unnecessary features.

A browser is like a swiss army knife, it can do all sorts of things, that makes it much more complex giving much more scope for exploitation, for example a browser will support various types of ssl as well as plain text http, this creates the scope for a downgrade attack, where as an app which only needs to work with the latest version of tls can be built without support for anything else, such an attack is then basically impossible.
And it is not just network level, there are all sorts of browser plugins, or even core features that might be exploitable, that just won't be there in an app that does not need then, even if the app is just basically a wrapper for a browser, it will be a much more simple browser, and probably from a much more mature code base.