Hi there, I encountered a possible security issue in the iOS app. I deleted my Face ID and registered a new one. The app did not complain and let me in without a problem.
When something changes in the Face ID (additions / deletions etc.), ideally the Face ID login option should be invalidated.
Same would apply to Touch ID. I also use the app of Bunq. They require the pincode after each app update or when you don't use the app for some time (usually a few days). After entering the pincode, you can unlock the app using Touch ID next time you have to unlock the app.
I have 5 banking apps, they all invalidate the biometrics login after a change. You could go with the logic that biometric access to your phone equals access to everything.
For an extra layer of security if you introduce a new biometric user or someone registers a new one on the iPhone being unlocked, you don't want them to have access to your financial data.
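
One way an iOS app can get the behaviour asked for in this thread, shown as an added example (not code from the app discussed here or from any poster): keep the secret that biometric unlock releases in a Keychain item bound to the current biometric enrollment. The service and account names are placeholders, and the sketch assumes the app gates its session on such a secret.

```swift
import Foundation
import LocalAuthentication
import Security

// Placeholder identifiers, assumed for this example.
let service = "com.example.bank.session"
let account = "biometric-unlock-token"
enum BiometricStoreError: Error { case accessControl, keychain(OSStatus) }

/// Store the unlock secret so it is readable only with the biometric set
/// enrolled right now; adding or removing a face or finger invalidates it.
func storeUnlockSecret(_ secret: Data) throws {
    guard let access = SecAccessControlCreateWithFlags(
        nil, kSecAttrAccessibleWhenPasscodeSetThisDeviceOnly,
        .biometryCurrentSet, nil) else { throw BiometricStoreError.accessControl }
    let base: [String: Any] = [
        kSecClass as String: kSecClassGenericPassword,
        kSecAttrService as String: service,
        kSecAttrAccount as String: account,
    ]
    SecItemDelete(base as CFDictionary)  // replace any earlier item
    var add = base
    add[kSecAttrAccessControl as String] = access
    add[kSecValueData as String] = secret
    let status = SecItemAdd(add as CFDictionary, nil)
    guard status == errSecSuccess else { throw BiometricStoreError.keychain(status) }
}

/// Returns the secret after a successful Face ID / Touch ID prompt, or nil
/// when the item is gone (enrollment changed or never set up): the caller
/// then asks for the PIN and calls storeUnlockSecret again.
func loadUnlockSecret(prompt: String) throws -> Data? {
    let context = LAContext()
    context.localizedReason = prompt
    let query: [String: Any] = [
        kSecClass as String: kSecClassGenericPassword,
        kSecAttrService as String: service,
        kSecAttrAccount as String: account,
        kSecReturnData as String: true,
        kSecUseAuthenticationContext as String: context,
    ]
    var result: CFTypeRef?
    let status = SecItemCopyMatching(query as CFDictionary, &result)
    switch status {
    case errSecSuccess: return result as? Data
    case errSecItemNotFound: return nil  // fall back to PIN
    default: throw BiometricStoreError.keychain(status)  // e.g. user cancelled
    }
}
```

Because the enrollment check is enforced by the Keychain access control rather than by app logic, a newly registered face or fingerprint cannot release the old secret even if the app's own UI state says biometric login is enabled.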