
There is a European banking regulation mandating 2FA. Apps are starting to be mandatory because they generate the OTP or authorize access: start logging in in the browser on the computer and authorize the access with a fingerprint in the app.

https://en.wikipedia.org/wiki/Strong_customer_authentication



If the app is on the same device as the OTP, that's not really 2FA, since the device has both factors on it, making the device 1 factor. Maybe 1.5 factor since there are ways to steal a password without getting access to the device. Anyway the computer or a dongle can be the OTP device just as well as the phone can.


It is two factor still. For example, if you need to give an OTP through SMS after putting in the credentials. It is possible someone stole the credentials and entered them on another device, but he also has to put the OTP sent through SMS to prove he is also in possession of the phone number and thus makes the authentication a two factor. If you think both authentications on the same device is one factor, both authentications in the same room is also one factor, going by the same logic - an attacker will have you and everything needed to force his way into your bank account together, then he only needs a big baseball bat to do the job.


I would say the authentication app is becoming mandatory, not the banking apps.

It is perfectly possible to use the website but authorize with the app. Which I admit does not solve the problem at hand.


This is what I usually do: log in on the computer and authorize on the app with a fingerprint or a PIN. It depends on the bank and doesn't require signing in to the home banking, only opening the app. The access to home banking in the app is always by fingerprint.


Many banks allow you to request a physical device to generate the tokens, so a smartphone isn't required.



