The bug that says FP isn't working in secured apps is related to Mc-Registry, We are using S7 Oreo one and because Ore MC-R isn't securing the Key-store in some apps it fails to save your Fingerprint as login option or whatever the use of it. in normal apps let's say Applock it doesn't require secure connection between MC-R and Key-Store that's why it saves your FP and you can use it as login option to your apps.
Example of apps that FP isn't saved in is PayPal, Not all banking apps got this issue. it depends how your bank app devs created the app and weather it needs secure connection between MC-R and Key-Store or not.
According to https://source.android.com/security/keystore, it seems the issue is nfe system & patch level didn't match the version in the tee keystore. If i am correct, is it possible to fake a version that passed to the tee.
Thanks for your time~
Version binding binds keys to operating system and patch level version. This ensures that an attacker who discovers a weakness in an old version of system or TEE software cannot roll a device back to the vulnerable version and use keys created with the newer version. In addition, when a key with a given version and patch level is used on a device that has been upgraded to a newer version or patch level, the key is upgraded before it can be used, and the previous version of the key invalidated. As the device is upgraded, the keys "ratchet" forward along with the device, but any reversion of the device to a previous release causes the keys to be unusable.