That's different, it's technically possible not to comply with that statement because the location data is sent and stored, it takes just not deleting it to violate that, it just evaluates to a pinky promise that has to be verified by inspecting their systems.
This, on the other hand, is a technically verifiable claim, the code is open and it all runs locally on the same machine, the TEE will give the green light and that's how apps will accept your biometric verification, the only thing that might be suspicious is with the implementation of the TEE, I don't know if every manufacturer keeps the data it gets on the device or secretly communicates outside, this unknown is also a good reason to use a Google Pixel device if you care about that
Google Pixel phones use a TEE OS called Trusty which is open source, unlike many other phones.
I'm all for not giving more data points where it's not needed, but is this as bad it seems? All biometric data remains stored on the device, it isn't sent to Google, or any app for that matter, that's how the API works
The
dualitybinary of man