The army of corporate boot lickers in the mobile phone context is largely composed of people who think banking on a smartphone is wise
This is extremely reductive and oblivious to the actual realities of banking in various countries. If you think it’s easy to be “unbanked” then I would suggest that you try it yourself first.
Because some banks now require you to authenticate every payment (eg. online payments using your debit card) and every new recipient for bank transfers, using their phone app. The apps rely on the chain of trust that Google and Apple provide with their TPM or “secure enclave” chips to cryptographically authenticate that it is indeed the same device that the bank previously authorized.
Online banking via the website of these banks will still require at least one tap on the phone app to authorize any transfers that you make on the website.
Linux phones (and custom Android ROMs) don’t benefit from this same chain of trust, and so even if they have the secure chip in the hardware, the banking apps don’t have a convenient API to query it, so the banking apps just don’t work.
Banking fraud causes a serious amount of money lost to criminals each year so it’s not surprising that the banks want better ways of determining if a request is really coming from their customer('s device) and not a criminal who phished their online banking password.
This situation won’t change unless either Linux phones gain in popularity enough that the banks decide to port their apps to the platform or a law is passed saying that banks must support more than just Google and Apple (ie. custom roms etc.) at which point the work will be done to use the hardware attestation available in the phone on other software platforms.
The default on librewolf (and possibly Firefox?) is to show the punycode in the URL bar since rendering the international characters can be used as a way to create phishing URLs that look similar (and sometimes identical) to characters in the latin alphabet. This is a very dangerous feature since the URL bar of the phishing site can look identical to the real website address.
To enable the display of the alternate character sets represented by the punycode URLs, you have to set
network.IDN_show_punycodeto false inabout:config.