by traceroute66 883 days ago
> Even if a third party has my biometric fingerprint details, can I rely on how physical access to my phone is necessary to bypass the fingerprint lock

Two points to make:

First, I don't know about Android, but certainly on iPhone, the fingerprint data is stored in the Secure Enclave and the biometric reader on the phone establishes a secure communications channel (unique session key) with the Secure Enclave. So remote attacks are unfeasible unless you've managed to extract the underlying shared key from the Secure Enclave.[1]

Second, the definition of what is "stored". There are a number of different approaches to storing biometric data, and most if not all "modern" methods will store an algorithmic derivation of some sort rather than actual raw measurement data. Hence if the government is using algorithm A and your phone is using algorithm B, then in all likelihood there is no viable way to transpose between the two.

Third, generally good OPSEC suggests to disable the biometric login to your phone anyway and rely on a password. That way, for example, someone can't just hit you on the head to render you unconscious and hold your finger to the sensor. (They would have to force the password out of you whilst you were conscious, per XKCD[2] ;-)

[1] https://support.apple.com/en-gb/guide/security/sec067eb0c9e/...
[2] https://xkcd.com/538/
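An added illustration of the first point above (not part of the original comment, and not Apple's actual Touch ID protocol, whose details are in the linked Apple document): a toy Python model of a sensor-to-enclave channel where a factory-provisioned pairing key is used to derive a per-session key, and every reading is authenticated under that session key. It shows why a leaked template on its own is not enough: an attacker who does not hold the pairing key cannot produce a reading the enclave accepts, and a reading captured in one session cannot be replayed in another. The class names, message layout, HKDF/HMAC construction and the sample template are all assumptions made for the sketch.

```python
"""Toy model of a biometric sensor <-> secure enclave channel.

Illustration only, written for this page; it is NOT Apple's protocol.
Shape modelled: a pairing key provisioned at manufacture, a session key
derived from it per unlock, readings authenticated under the session key.
"""
import hashlib
import hmac
import secrets
from typing import Tuple


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """RFC 5869 HKDF (extract + expand) with HMAC-SHA256."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def session_key(pairing_key: bytes, enclave_nonce: bytes, sensor_nonce: bytes) -> bytes:
    """Both ends derive the same key; a remote party lacking pairing_key cannot."""
    return hkdf_sha256(pairing_key, enclave_nonce + sensor_nonce, b"sensor-session-v1")


def authenticate_reading(key: bytes, seq: int, template: bytes) -> bytes:
    """Tag = HMAC(session key, sequence counter || template)."""
    return hmac.new(key, seq.to_bytes(4, "big") + template, hashlib.sha256).digest()


class Sensor:
    """Holds the pairing key burned in at manufacture (assumed)."""

    def __init__(self, pairing_key: bytes):
        self._pairing_key, self._key, self._seq = pairing_key, b"", 0

    def open_session(self, enclave_nonce: bytes) -> bytes:
        sensor_nonce = secrets.token_bytes(16)
        self._key = session_key(self._pairing_key, enclave_nonce, sensor_nonce)
        self._seq = 0
        return sensor_nonce

    def send_reading(self, template: bytes) -> Tuple[int, bytes, bytes]:
        self._seq += 1
        return self._seq, template, authenticate_reading(self._key, self._seq, template)


class Enclave:
    """Holds the same pairing key plus the enrolled (derived) template."""

    def __init__(self, pairing_key: bytes, enrolled_template: bytes):
        self._pairing_key, self._enrolled = pairing_key, enrolled_template
        self._key, self._last_seq = b"", 0

    def open_session(self, sensor) -> None:
        enclave_nonce = secrets.token_bytes(16)
        sensor_nonce = sensor.open_session(enclave_nonce)  # challenge/response
        self._key = session_key(self._pairing_key, enclave_nonce, sensor_nonce)
        self._last_seq = 0

    def accept(self, seq: int, template: bytes, tag: bytes) -> bool:
        # Reject readings not tagged under the current session key, and
        # reject replays within a session via the monotonic counter.
        expected = authenticate_reading(self._key, seq, template)
        if not hmac.compare_digest(expected, tag) or seq <= self._last_seq:
            return False
        self._last_seq = seq
        return hmac.compare_digest(template, self._enrolled)


class RemoteAttacker:
    """Has the victim's leaked template but not the pairing key."""

    def __init__(self, stolen_template: bytes):
        self._template, self._guess_key = stolen_template, secrets.token_bytes(32)

    def open_session(self, enclave_nonce: bytes) -> bytes:
        return secrets.token_bytes(16)  # can answer the challenge, cannot derive the key

    def send_reading(self) -> Tuple[int, bytes, bytes]:
        return 1, self._template, authenticate_reading(self._guess_key, 1, self._template)


# Constructed sample values: a random pairing key and a derived template
# (a hash standing in for "an algorithmic derivation, not raw measurement data").
PAIRING_KEY = secrets.token_bytes(32)
ENROLLED = hashlib.sha256(b"constructed-minutiae-vector").digest()


def legitimate_unlock() -> bool:
    sensor, enclave = Sensor(PAIRING_KEY), Enclave(PAIRING_KEY, ENROLLED)
    enclave.open_session(sensor)
    return enclave.accept(*sensor.send_reading(ENROLLED))


def leaked_template_without_pairing_key() -> bool:
    attacker, enclave = RemoteAttacker(ENROLLED), Enclave(PAIRING_KEY, ENROLLED)
    enclave.open_session(attacker)
    return enclave.accept(*attacker.send_reading())


def replay_in_new_session() -> bool:
    sensor, enclave = Sensor(PAIRING_KEY), Enclave(PAIRING_KEY, ENROLLED)
    enclave.open_session(sensor)
    captured = sensor.send_reading(ENROLLED)  # sniffed in session 1 (accepted there)
    enclave.accept(*captured)
    enclave.open_session(sensor)  # session 2: fresh nonces, fresh key
    return enclave.accept(*captured)


def replay_within_session() -> bool:
    sensor, enclave = Sensor(PAIRING_KEY), Enclave(PAIRING_KEY, ENROLLED)
    enclave.open_session(sensor)
    captured = sensor.send_reading(ENROLLED)
    enclave.accept(*captured)  # first delivery accepted
    return enclave.accept(*captured)  # same counter again: rejected


if __name__ == "__main__":
    print("legitimate unlock:", legitimate_unlock())
    print("leaked template, no pairing key:", leaked_template_without_pairing_key())
    print("replay in new session:", replay_in_new_session())
    print("replay within session:", replay_within_session())
```

The two things to notice are where the trust actually sits: knowing the enrolled template gets the attacker nothing without the pairing key, which is exactly why the comment says a remote attack needs that key extracted first, and the per-session derivation is what turns a passively captured reading into junk for the next unlock.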