Using Touch ID not for login

Question

Is it possible to use the Touch ID sensor in an app but not for login authentication? In the app, a user can scan another person's finger. The fingerprint will then be matched against the database finding that person's profile.

Answer 1

The answer is no. Reference: https://www.noknok.com/what-they-say/blog/apple-touch-id-app-for-mobile-fingerprint-authentication

So, is Apple's Touch ID API the answer to our online authentication needs? Currently, the API provides only two capabilities:

1. The ability to determine if the user was successfully authenticated to the device using the fingerprint sensor.
2. The ability to unlock iOS keychain data with successful fingerprint authentication.

While both capabilities offer local authentication, they do not provide a mechanism for the application or the user to authenticate to a remote server. App developers looking to implement remote authentication must create their own solution.

However, you could do as follows:

One mechanism to accomplish remote authentication is by using the Touch ID Keychain API to store passwords. A successful fingerprint authentication will unlock the password, allowing the app to use the password to authenticate to the server on behalf of the user. While quick and simple, this method still retains many of the legacy security problems of passwords including the vulnerability to large scale server side attacks on password databases. The user also bears the burden of keeping passwords in sync between the iOS keychain and the server, raising the possibility of significant user confusion and friction.