Concordski & Buran
by Volker Weber
Whether it's a Concordski or a Buran, you often find inventions that look familiar. So when Apple made the iPhone 5S with a fingerprint reader on its home button, similar designs appeared in Android land. Since there is always a great rush to implement those designs, sometimes engineers have to cut corners. HTC seems to have forgotten to copy the design that Apple chose to protect user's fingerprints for its HTC One Max phablet and just stored the fingerprints in the file system, world readable by any process.
Interesting research paper:
In this talk, we revealed some severe issues with the current Android fingerprint frameworks that have long been neglected by vendors and users. We provided in-depth security analysis of the popular mobile fingerprint authentication/authorization frameworks, and discussed the security problems of existing designs