It's still possible, you just need to declare which other apps you query for. Even then, there are loopholes that still let you query for all apps installed on the device.
> Apps that have a verifiable core purpose facilitating financial-transactions involving financially regulated instruments (for example, dedicated banking, dedicated digital wallets) may obtain broad visibility into installed apps solely for security-based purposes.
But HSBC app declares "<uses-permission android:name="android.permission.QUERY_ALL_PACKAGES"/>" permission, which requires an explicit approval (https://support.google.com/googleplay/android-developer/answ...) but
> Apps that have a verifiable core purpose facilitating financial-transactions involving financially regulated instruments (for example, dedicated banking, dedicated digital wallets) may obtain broad visibility into installed apps solely for security-based purposes.