I was once working for a project in a bank, a developer answered me to why they go app only, because "you don't know what people do with their browser".
It's only about the feeling of control (and some paranoia), not about security.
What I find interesting is that my bank has kind of the opposite stance. It allows you to do a lot more things if you login via their website and I think they overall trust your actions more if you do it over the browser, but you are required to pass a lot more security checks, while on the app a PIN is enough, but it also doesn't allow you to do as much.