It's not shady, its the explicit purpose of these apps, they collect your transaction data and show you more detailed analysis of it. Since there is no API to safely get the data in a read only way, the only option is to screen scrape the banks website.

It is absolutely shady and scary that they store your banking credentials so that they can log in with them. The fact that there isn't a better option doesn't make it any less shady and scary.

They explicitly explain this to the user and apparently even encourage that you instead manually export files and upload them but also provide direct login as a feature.

Yes its not perfect security which you may find scary but I struggle to find what about it is shady when they are very open about what happens.