Providers require passwords in plain text, so the background service that takes care of synchronizing messages needs to send passwords in plain text.
All supported Android versions [encrypt all user data](https://source.android.com/security/encryption/full-disk.html),
Since encrypting passwords would require a secret and the background service needs to know this secret, this could only be done by storing that secret.
so all data, including usernames, passwords, messages, etc, is stored encrypted.
Storing a secret together with encrypted passwords would not add anything, so passwords are stored in plain text in a safe, inaccessible place.
Recent Android versions encrypt all user data anyway.
M66B
6 years ago