As long as biometrics don't unlock secrets (keys, passphrases, shared data, etc.), it is fine. In all other cases you are correct and it needs some form of replaceable, retractable secret, i.e. a passphrase.
This would be a very welcome feature, but considering how the secret stores work at this point, we are not likely to see this any time soon.
Sidenote: The false positive rate on any biometrics is way higher than you think (it is highly disadvantageous to be black, unfortunately; yes, biometrics are racist). People usually consider the near bound (e.g. small sample size, high differentiation unless you have a twin) of the people around them as proof it is impossible, but this has been proven a fallacy in even mediocre-sized studies.
It still works, but I would really like to see your suggestion to make sure real secrets are properly stored/safe.
> As long as biometrics don't unlock secrets (keys, passphrases, shared data etc) it is fine.
That's a weird definition of "secrets". Mails may contain secrets. Pictures may contain secrets. Messenger posts may contain secrets (cf. all the leaks of chatlogs).
If I remove all apps from the homescreen that may contain secrets, that leaves me with the flashlight and Candy Crush.