[scarface74]

That was from 2010. Most banking apps on iOS use Touchid. If they are using TouchID, they have to store the passwords in Keychain which is encrypted. It's only after the user uses their password that the OS gives the app the stored password.

[ashearer]

It's almost certainly correct that they use the Keychain for Touch ID. But I'd hedge that if they were bent on being insecure, they could use a different Touch ID mode that just returns a boolean. Does anyone know whether app review examines which mode they choose?