There is a bug in 2.2.1 (20201) version of the Curve app which has some security concerns.
If you have fingerprint auth on (I have not tested this with it off, as I use it on, and have accidentally found this!) you are presented with the screen to enter your fingerprint.
I have a Xiaomi Mi A1 (Android P) which has physical buttons (running apps, home, back). If you hit the apps button (to view all open apps) while at this screen and then hit it again, it will ignore the authentication and simply log you in.
I have not tested this with software buttons.