That does seem better than blind trust but that app infrastructure could get compromised. I would still be wary in any situation where I did not originate the call with the bank.