It depends on the app but at least in the areas I work (business apps relating to tracking money) I wouldn't assume that device authentication is sufficient.
But for biometrics, keep in mind that biometric systems are currently seen as the most subject to false positives of any authentication system out there with the possible exception of improperly maintained and insufficiently strong passwords.
Now, an SD card with a certificate plus face recognition might be ok ;-)