Both iOS and Android allow using a fingerprint sensor for logging in, and allow applications to store secrets that can only be unlocked using the fingerprint. Both allow one or more fingerprints to be stored, and allow adding or removing fingerprints.
When used by an application to store a secret, there are two modes: Either the secret is protected by any currently stored fingerprint, or it is protected by the set of fingerprints that were stored when the secret was stored. That makes sense; if I store a secret and later the device user adds another fingerprint (possibly of a different person), I don't want that new fingerprint to unlock the secret.
What happens though is that on both operating systems, in this mode adding a fingerprint destroys the ability to read the secret. Say I registered fingers A and B, then the secret is stored, then I add finger C. I would have expected that finger C cannot unlock the secret, but fingers A and B still can, but both in iOS and Android this is not the case.
What is the reason for this behaviour? Is it a technical difficulty that doesn't allow the keep two fingers valid, or are there security reasons that make this a bad idea?
