[davidkhess]

Normal usage would require a reauthentication - i.e. FaceId or TouchId - to produce the passkey.

[kogus]

Currently on the iPhone, if your FaceID or TouchID fail repeatedly, you have the option to type in the passcode, which grants the same access. I'm not sure if the same is true on Android.

I think the more general point is that "able to unlock the phone" is not / should not be the same as "I have verified that this is you" for sensitive applications and information.

[michaelt]

I just tested with two banks' apps. They both allow touch ID with fallback to a bank-account-specific PIN - not the phone passcode.

Of course, if you've enrolled your kid's fingerprints they'd have access.

[TIPSIO]

Ah cool, the Google post made it seem a bit more automatic and instant.

> you will simply unlock your phone

Then I guess that really is no different from opening an app.