Based on the following quote and web-page, it's clear to me that, from a regulatory standpoint, it's ok to share banking credentials with regulated Account Information Service (AIS) and Payment Information Service (PIS) providers.
Your banking terms and conditions should not prevent you from sharing your credentials with regulated AIS or PIS providers. Your bank cannot hold you responsible for unauthorised transactions just because you have shared your credentials with regulated AIS and PIS providers.
Furthermore, the following web-page lists all the regulated AIS and PIS providers, making it easy to identify who these providers are.
However, a number of apps/services from established financial institutions such as Yolt (ING Bank) and HSBC Connected Money are not on the list. Furthermore, some startups I’m interested in trying are not on this list - such as Chip and Plum.
Link also contains the following text which might or might not cover these apps (this is what I’m not clear on):
Please note that there are other firms that may lawfully provide these services. These are UK and EEA Credit Institutions, EEA Authorised Payment Institutions and Electronic Money Institutions, and EEA Registered Account Information Service Providers. Under transitional arrangements the services may also be provided by firms that were carrying out these activities prior to 13th January 2016 and continued to provide them immediately before 13 January 2018
HSBC’s entry in the FCA register does not mention the term “Credit Institution”, but I don’t really know what a credit institution is and wonder if it's a synonym for something else?
ING Bank’s entry uses the term “EEA Authorised” but not “EEA Authorised Payment Institution”. Does this mean it is or isn’t ok to share login credentials with it?
Chip seems to be an agent of Prepaid Financial Services, which is an Authorised Electronic Money Institution. Does this mean it's ok to share credentials with Chip?
Any guidance would be much appreciated. Note my interest here is how to identify whether an app/service has sufficient regulatory approval. I think technical judgement on the security underlying each app is also an important issue, but it's a different issue.