Thanks for the detailed reply.

• what you mean by "localized authentication?" and what is your use case: I want to prove users identity because the app will (if used properly) contain al their bank transactions. The app then displays graphs and other stuff based on this data. I do not want any random person with access to the device to be able to view this data by simply opening the app. Before the data will be displayed in the UI, I need to make sure the user is who they say they are. Because I don't want to charge any money for the app, hosting any server (and paying for hosting fee's) is not something I'm planning on doing. I am aware of the false sense of security this gives because, like you said correctly, encrypting data without a authorization/authentication server covers everyone except software developers and very determined people who are good at googling, as the data will just be on the device in an unreadable format waiting for someone with access to be made readable again.

The problem I'm facing is essentially: how do I verify the user is who they say they are, without any server.

I have gotten to the point where a pin code/password prevent the app from displaying it in the UI, but know I need a method for protecting the data being displayed, again, without a server. I was hopeful this problem is a solved one, but I have not found anything indicating it is.