We don't know what kind of sensors was used to test this in the article, but there are two main types of fingerprint sensors, optical and capacitive. Optical is just a camera, basically. Capacitive actually measures the variation in electric conductivity caused by the ridges of the fingerprint and can build a unique ID from that. I think the "make a cast of the finger in an electrically conductive material that is more or less within the variation of resistance of an average human finger" method would work with these, too. There are more advanced sensors that are based on capacitive touch, but have anti-cheating measures, such as making sure you have a heart beat and whatnot (think of how pulse ox meters that clip onto your finger work). I am not sure if any phone's use the more advanced types, though. I think all of them would be defeatable by a motivated attacker, even "at scale". I imagine you could create a "skeleton" of a thumb that would defeat a heart rate based verification method, and then a 3d printed fingerprint cast in a conductive material could be slipped over it, etc.

I think FaceID would be more secure based on the fact that it would be hard to fake an entire face at scale (faceID does a bunch of verification type stuff too to make sure you are not just pointing the sensor at a dummy that looks like a person). At the end of the day though, if an attacker has a sufficiently high res scan of your finger or face, and enough time/money/will, any type of biometrics could be bypassed.

Well if you have a Google pixel you have nothing to worry as it won't recognise legit fingerprint 9 out of 10 times.