You don't need them to authenticate again, as the phone would be already unlocked.

What you want to do is periodically (at a random time each time) ask the user if they still want it to do the privacy sensitive action still. This way, it vastly increases the chances of detection if the action was added by a third party.