App Security

Continuing the discussion from Apple to Introduce Stolen Device Protection in the Upcoming iOS 17.3:

I don’t see why not. As far as I know, these apps are actually authenticating with traditional mechanisms (user ID and password, or maybe an authentication token generated after a UID/PW login). The authentication data is stored in the device’s keychain, which is in turn protected by FaceID/TouchID.

So if the FaceID data gets deleted/replaced, the corresponding keys should also get deleted. Apps will fail to load credentials and will fall back to asking you for your login credentials, just like they do if you don’t tell them to secure the login with FaceID.