by uts 3876 days ago
Why don't banks implement read-only passwords?
3 comments

USAA does, but it's not implemented as simply as app passwords. There are two major issues with aggregators: 1) authentication and 2) data access mechanism. A read-only app password would solve #1, but aggregators commonly implement #2 by screen-scraping, which is the bane of everyone's existence. I wouldn't be surprised if half of the reason BoA cut off aggregator access was because most of the aggregators were screen-scraping, and BoA got tired of the support calls whenever they made a site change and people's accounts stopped syncing.

Last I heard (um, a couple of years ago), USAA's solution was a proper API, but Mint was still screen-scraping. I have no idea if that's because Mint is lazy or USAA's API is too limited for what they want, but my money would be on the former.

1. Some do.

2. Some are trying to provide their own convenience systems as a competitive advantage over other banks, and to create costs for people switching out from them to a different bank. Supporting any method of aggregation where the bank becomes a dumb store of money is disadvantageous to that strategy.

Wells Fargo has this via "guest users". I have a read-only user that Mint uses.