Security concern on locally stored authentication token

It is a common method on mobile applications to allow users to bypass authentication process by verifying a locally stored token (previously authenticated) on device.

This is to strike a balance between usability (avoiding authentication every time) and security.

  1. Are there any security holes in this process?
  2. What are measures to be taken to strengthen this method?