One of the features that we've become accustomed to with our modern mobile devices is that of a fingerprint reader. Both iOS and Android provide access to the hardware fingerprint reader through APIs exposed to developers. The fingerprint APIs can be used correctly and incorrectly, with insecure coding resulting in authentication bypasses and information leakage. This talk will demonstrate how the APIs and underlying technologies work, how you can use them correctly and incorrectly, and how a malicious actor may attack the fingerprint APIs. This talk will involve code, tools and iOS and Android test applications to demo.