Re: Eh?
> People freely let Google have a copy of their fingerprints
In theory, Google never gets a copy of the fingerprint.
The mechanism is exactly the same as with passwords.
1) Get prompted to enter the new password ('enroll').
2) password gets hashed and that hash is saved locally on the device.
3) to 'login', enter password
4) entered password gets run through the same hashing algorithm as the enrolled password
5) compare hashed (and salted hopefully) entered password with the saved locally enrolled hashed (and salted) password.
6) if they match, successful login.
For fingerprints, the process is the same excpet substitute 'fingerprint' for 'password'. Google - outside its code running locally on the device - should never see the password or fingerprint.