I business traveled this week to Central Asia Stan countries and had a chance to visit Kazakhstan and Kyrgyzstan.
Kazakhstan (stayed there longest):
Halyk Bank (the major one from my understanding) surprisingly worked with all exploit mitigation toggles active and all permissions denied.
Halyk Finance same, but requires DCL via Storage.
Kaspi (another bank) same, but requires DCL via Storage.
eGov mobile (government app) also works with all permissions denied and toggles enabled. Though, it constantly crashes and seems to just be crap according to reviews.
Not sure how long it's going to last though, Kazakhstan is simply the most fucked up country I have ever visited in terms of privacy and human rights (they require ID/Passport upload to connect to any public WIFI by law, your SIM is tied to your Passport and IMEI, all the apps are all-in-one similar to WeChat, and anywhere you go people with the right amount of money already know everything about you from gov records). They also recently had a breach of basically all Identifiers of all citizens and brushed it off as an 'old data'. According to my colleague there, the only aging data on the records are email addresses. Apparently nobody cares. Otherwise, beautiful country.
Kyrgyzstan:
Been there for a few days, but their analogue to WeChat called 'My O! + Bank' seems to work without issues.
Sorry for not posting on GitHub!