Délano I totally understand your hesitation Délano.
What the server basically does is connect to the bunq API, and then normalise the response into a bank-agnostic structure. This means I can easily support more bank APIs in the future, without having to update the iOS app.
It also makes it easier to work around API quirks, such as half-implemented OAuth. For example: The bunq OAuth system is non-standard, but can be kinda normalised into standard OAuth. An API key becomes a Refresh Token, and a session token becomes an Access Token. By doing this normalisation on the server, the iOS app can just talk normal OAuth.
API keys and session tokens are not stored on the server, so we can never connect to bunq without your phone initiating a request.
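
The mapping described in the post above, as an added example that is not the author's server code: an OAuth `refresh_token` grant carries the API key, and the bank's session token comes back as the `access_token`, with nothing kept server-side. `handle_token_request` and `fake_bank_create_session` are hypothetical names, and the bank call is a stub with constructed values rather than the real bunq API.

```python
import hashlib
import hmac


def fake_bank_create_session(api_key):
    """Hypothetical stand-in for the bank call that opens a session.

    A real server would call the bank's API here; this stub derives a
    constructed token so the example runs offline.
    """
    if not api_key.startswith("constructed-key-"):
        raise PermissionError("bank rejected API key")
    digest = hmac.new(api_key.encode(), b"session", hashlib.sha256).hexdigest()
    return {"session_token": "sess-" + digest[:16], "timeout_seconds": 3600}


def handle_token_request(form, create_session=fake_bank_create_session):
    """Answer a standard OAuth refresh_token grant by opening a bank session.

    Returns (http_status, json_body). The API key and session token live
    only in local variables: nothing is written to disk, cache or logs,
    so the server cannot reach the bank again without a new client request.
    """
    if form.get("grant_type") != "refresh_token":
        return 400, {"error": "unsupported_grant_type"}
    api_key = form.get("refresh_token")  # the API key plays the refresh token
    if not api_key:
        return 400, {"error": "invalid_request"}
    try:
        session = create_session(api_key)
    except PermissionError:
        # Do not echo the key or the bank's message back to the client.
        return 400, {"error": "invalid_grant"}
    return 200, {
        "access_token": session["session_token"],  # session token as access token
        "token_type": "Bearer",
        "expires_in": session["timeout_seconds"],
    }


if __name__ == "__main__":
    print(handle_token_request(
        {"grant_type": "refresh_token", "refresh_token": "constructed-key-demo"}))
```
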