> > It works this way for security reasons
>
> WhatTheFluff: I've seen that said a lot by developers of Android; however, they never gave any actually valid reasons that couldn't just have configuration options so the user can choose how short or long they want the timer to be.
But in this thread two reasons were mentioned.
- I wrote (de0u):

  > My understanding is that the fingerprint reader can report that a fingerprint is/isn't in the enrolled set, but that the fingerprint reader doesn't release encryption tokens because it doesn't have access to them. My understanding is that after a restart the only way to access private data for a profile is for the profile's storage key to be derived from the PIN/passphrase.
  >
  > If the fingerprint reader could decide to decrypt storage before the first unlock, or whenever it wanted to, that would significantly increase attack surface. That is a security reason.
- The official project account wrote (GrapheneOS):

  > You leave fingerprints all over everything you touch so in reality it's not actually particularly secret and it's not a primary unlock method for good reason.
Leaving unlock information (fingerprint images) around, so it's not secret, is also a security reason.
Any given person might choose to weigh those reasons lower than some other factors, but that doesn't mean that no "actually valid reasons" have been presented.
I can't help observing that Apple devices require a PIN or passphrase after reboot (and, I think, at other times). So again fingerprints aren't being used as a primary unlock method. If there are no "actually valid reasons" for this practice, is it just coincidence?
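As an added illustration of the "before first unlock" point made above (example code written for this edit, not code from the post, from Android or from GrapheneOS): a toy model in which the profile storage key exists only as a KDF output of the PIN, the fingerprint reader returns nothing but a match/no-match verdict, and the key lives in RAM only between the first PIN unlock and the next reboot. The class names, the PBKDF2 parameters and the HMAC verifier are assumptions made for the model, not the real platform design.

```python
import hashlib
import hmac
import os
from typing import Optional, Set


class FingerprintReader:
    """Assumed model of a biometric sensor: it holds enrolled templates
    but no key material, so all it can ever return is a boolean."""

    def __init__(self, enrolled: Set[str]):
        self._enrolled = set(enrolled)

    def match(self, fingerprint_image: str) -> bool:
        return fingerprint_image in self._enrolled


class Profile:
    """Assumed model of a user profile whose storage key is derived from
    the PIN and cached in RAM only after the first successful PIN unlock."""

    def __init__(self, pin: str, enrolled_fingerprints: Set[str]):
        self.salt = os.urandom(16)
        self._reader = FingerprintReader(enrolled_fingerprints)
        key = self._derive(pin)
        # A keyed verifier lets a wrong PIN be rejected without storing the key;
        # in a real device this check would be bound to a TEE/secure element.
        self._verifier = hmac.new(key, b"verifier", "sha256").digest()
        # None models the "before first unlock" state after boot.
        self._cached_key: Optional[bytes] = None

    def _derive(self, pin: str) -> bytes:
        # Illustrative KDF parameters; the actual hardware-bound derivation differs.
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), self.salt, 200_000, dklen=32)

    def reboot(self) -> None:
        # Rebooting wipes RAM, so the derived key is gone until a PIN unlock.
        self._cached_key = None

    def unlock_with_pin(self, pin: str) -> bool:
        key = self._derive(pin)
        candidate = hmac.new(key, b"verifier", "sha256").digest()
        if not hmac.compare_digest(candidate, self._verifier):
            return False
        self._cached_key = key
        return True

    def unlock_with_fingerprint(self, fingerprint_image: str) -> bool:
        # The reader can only say yes/no; there is no secret to derive a key from.
        if not self._reader.match(fingerprint_image):
            return False
        # Before first unlock there is no key in RAM, so even a genuine
        # match cannot decrypt storage. After first unlock it can reuse the cached key.
        return self._cached_key is not None

    def storage_key(self) -> Optional[bytes]:
        return self._cached_key


def demo() -> list:
    """Walk through boot -> fingerprint fails -> PIN unlock -> fingerprint works -> reboot."""
    profile = Profile("1234", {"right-thumb"})
    steps = []
    steps.append(("fingerprint before first unlock", profile.unlock_with_fingerprint("right-thumb")))
    steps.append(("wrong PIN", profile.unlock_with_pin("0000")))
    steps.append(("correct PIN", profile.unlock_with_pin("1234")))
    steps.append(("fingerprint after first unlock", profile.unlock_with_fingerprint("right-thumb")))
    profile.reboot()
    steps.append(("fingerprint after reboot", profile.unlock_with_fingerprint("right-thumb")))
    return steps


if __name__ == "__main__":
    for label, ok in demo():
        print(f"{label}: {'unlocked' if ok else 'denied'}")
```

The point the model makes concrete: the only path from "booted" to "storage readable" goes through the PIN-derived key, and a biometric match is merely permission to reuse a key that the PIN already put in memory. A configurable timer would change when the cached key is discarded, not whether the sensor can stand in for the PIN after a reboot.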