Which apps handle this better? I'm not supremely concerned about my password being pulled from memory, from an attack surface perspective, but I am curious which apps address this best and how.
Not saying it's the best out there (and the UI is a little clunky as it often flashes a pin input screen that gets skipped over when using your fingerprint), but I like how Keypass2Android can be configured to do it. When you select "Enable Biometric Unlock for Quick Unlock" (and don't disable the PIN feature) you can use your fingerprint as long as the app is still in memory, without it storing your master password.
I know the Android Lastpass client would often prompt for a Master Password if it hadn't been used in a while, then let Fingerprints unlock it. I assumed it did something similar but haven't deep-dived the implementation.
I know the Android Lastpass client would often prompt for a Master Password if it hadn't been used in a while, then let Fingerprints unlock it. I assumed it did something similar but haven't deep-dived the implementation.