A credential was found in a file the app wrote (shared-prefs / database / cache), readable on a rooted or backed-up device.
A secret (token, key, password) was written to app storage in plaintext during the run. Backups, run-as on debuggable builds, and any local-file bug turn that file into a credential dump.
Persisted credentials outlive the session and leak through every local-storage channel.
val prefs = EncryptedSharedPreferences.create(context, "secure",
MasterKey.Builder(context).setKeyScheme(MasterKey.KeyScheme.AES256_GCM).build(),
EncryptedSharedPreferences.PrefKeyEncryptionScheme.AES256_SIV,
EncryptedSharedPreferences.PrefValueEncryptionScheme.AES256_GCM)