by romaster 3708 days ago
On the question of security and privacy - is my face being matched on THEIR cloud? or locally and then a token is matched?

Liveness on the whole has its own issues in terms of a spoofing 'arms race', and secondly, the more complicated they make it, the larger the risk of a high False Rejection Rate (rejecting what should have been accepted).

On your latter point, it is a bit of a flaw that I feel inclined to address - it depends on implementation. On iPhone, your "fingerprint" is not exposed when you use that to unlock your phone... but then again, when using that to maneuver in an app, you're doing no server-side validation.

Per Apple Support (https://support.apple.com/en-us/HT204587):

Touch ID doesn't store any images of your fingerprint. It stores only a mathematical representation of your fingerprint. It isn't possible for someone to reverse engineer your actual fingerprint image from this mathematical representation. The chip in your device also includes an advanced security architecture called the Secure Enclave which was developed to protect passcode and fingerprint data. Fingerprint data is encrypted and protected with a key available only to the Secure Enclave. Fingerprint data is used only by the Secure Enclave to verify that your fingerprint matches the enrolled fingerprint data. The Secure Enclave is walled off from the rest of the chip and the rest of iOS. Therefore, iOS and other apps never access your fingerprint data, it's never stored on Apple servers, and it's never backed up to iCloud or anywhere else. Only Touch ID uses it, and it can't be used to match against other fingerprint databases.
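As an added example (not from the thread and not Apple's own sample code), one way an app can get the server-side validation the reply says is missing while keeping the property the Apple quote describes: a key whose private half lives in the Secure Enclave, usable only after Touch ID, signs a challenge the server issued, and the server verifies that signature with the public key it stored at enrollment. The key tag, the constructed challenge, and the `serverVerify` function standing in for the server are assumptions; this needs a physical iOS device with a Secure Enclave.

```swift
import Foundation
import Security

// Hypothetical application tag for the enclave-backed key (assumption).
let keyTag = "com.example.app.challenge-key"

// P-256 key whose private half never leaves the Secure Enclave.
// .biometryCurrentSet: unusable unless the currently enrolled biometrics
// authenticate, so adding a new finger invalidates the key.
func makeEnclaveKey(tag: String) throws -> SecKey {
    var error: Unmanaged<CFError>?
    guard let access = SecAccessControlCreateWithFlags(
            kCFAllocatorDefault, kSecAttrAccessibleWhenUnlockedThisDeviceOnly,
            [.privateKeyUsage, .biometryCurrentSet], &error)
    else { throw error!.takeRetainedValue() as Error }
    let attributes: [String: Any] = [
        kSecAttrKeyType as String: kSecAttrKeyTypeECSECPrimeRandom,
        kSecAttrKeySizeInBits as String: 256,
        kSecAttrTokenID as String: kSecAttrTokenIDSecureEnclave,
        kSecPrivateKeyAttrs as String: [
            kSecAttrIsPermanent as String: true,
            kSecAttrApplicationTag as String: Data(tag.utf8),
            kSecAttrAccessControl as String: access,
        ],
    ]
    guard let key = SecKeyCreateRandomKey(attributes as CFDictionary, &error)
    else { throw error!.takeRetainedValue() as Error }
    return key
}

// Client side: signing triggers the Touch ID prompt. The app never sees the
// fingerprint data, only the ECDSA signature over the server's challenge.
func signChallenge(_ challenge: Data, with key: SecKey) throws -> Data {
    var error: Unmanaged<CFError>?
    guard let sig = SecKeyCreateSignature(
            key, .ecdsaSignatureMessageX962SHA256, challenge as CFData, &error)
    else { throw error!.takeRetainedValue() as Error }
    return sig as Data
}

// Server side (stand-in): verify with the public key registered at enrollment
// and the nonce the server itself generated and remembered for this login.
func serverVerify(challenge: Data, signature: Data, publicKey: SecKey) -> Bool {
    var error: Unmanaged<CFError>?
    return SecKeyVerifySignature(publicKey, .ecdsaSignatureMessageX962SHA256,
                                 challenge as CFData, signature as CFData, &error)
}

let privateKey = try makeEnclaveKey(tag: keyTag)
let publicKey = SecKeyCopyPublicKey(privateKey)!   // only this half goes to the server
var challenge = Data(count: 32)                    // constructed stand-in for a server nonce
_ = challenge.withUnsafeMutableBytes { SecRandomCopyBytes(kSecRandomDefault, 32, $0.baseAddress!) }
let signature = try signChallenge(challenge, with: privateKey)
print(serverVerify(challenge: challenge, signature: signature, publicKey: publicKey))
```

The server decides based on a signature it can check, not on a boolean the app reports after a local LocalAuthentication prompt, which is the gap the reply points at.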