Firefox Android requires my device password in order to view saved passwords, which suggests that passwords are encrypted at rest. However, it can also autofill passwords in webpages without requiring a device password to be entered. This suggests that passwords are unencrypted, at least while the phone is unlocked? (Unsure if device lock state matters.) I'm wondering, at an app-data level, when are passwords encrypted vs unencrypted? (Normally Android apps' data are hidden from other processes in secure containers, but certain privileged processes (e.g. especially on a rooted device) can still access this app data. So, I'm wondering if decrypted password data is ever stored in the app's data folder, or does decryption happen exclusively in-memory, or am I misunderstanding it and there's a secret third explanation?)