I suppose that is not only black or white, there are mitigations available, however, software developers have to be diligent which we cannot enforce unfortunately and those introduced curbs are a fantastic way of controlling this behavior. The following article explains further the available mitigations - https://developer.android.com/privacy-and-security/risks/dynamic-code-loading
I have myself three different banking apps using DCL...