[pudquick]

Why does that make a difference?

If it's a signed response, at some point there's another piece of code that checks that the signature is valid and returns a yes/no.

I think the reason Apple's sensor was mentioned in this instance was due to how Apple handled storage and usage of biometrics as described in here https://www.apple.com/business/docs/iOS_Security_Guide.pdf

Compare that to, say, other laptop vendors: https://support.lenovo.com/us/en/product_security/len-15999

[Buge]

It depends on where you're authenticating to. If you're authenticating to yourself, then sure a signature is will just be converted to a yes/no and be no better. But if you're authenticating to a server, the server can do the signature verification, whereas a server looking at a yes/no that a client sends would be mostly useless.