Does Firefox Android encrypt passwords at rest?
Firefox Android requires my device password in order to view saved passwords, which suggests that passwords are encrypted at rest. However, it can also autofill passwords in webpages without requiring a device password to be entered. This suggests that passwords are unencrypted, at least while the phone is unlocked? (Unsure if device lock state matters.)
I'm wondering, at an app-data level, when are passwords encrypted vs unencrypted?
(Normally Android apps' data are hidden from other processes in secure containers, but certain privileged processes (e.g. especially on a rooted device) can still access this app data. So, I'm wondering if decrypted password data is ever stored in the app's data folder, or does decryption happen exclusively in-memory, or am I misunderstanding it and there's a secret third explanation?)