Yep, it has to be that way! I remember when mobiles first introduced biometrics to prevent users having to log in to the phones themselves, which was bad enough, but also as a hook that applications could call to bypass their own login!
Do not, under any circumstances, allow your on-line banking to let you in by identifying you by your fingerprint, retina scan or anything else. Remember, at that point, your bank itself is not verifying that you are who you say you are - they are asking your mobile phone to do that!
https://www.google.com/search?q=mobile+phone+biometrics+bypass