Under what circumstances will a current Android sync or otherwise send passwords off the device? The credentials in question are for:
- WiFI
- Non-Gmail email accounts accessed through the stock Gmail app
- Other apps, eg. Twitter
This question is on behalf of a family member looking at acquiring a Pixel 3, but concerned over how such is handled (including whether apps are able to read each other's data). I've been able to find details of how the Gmail app works with credentials for Gmail accounts, but for other email types and the other cases the details seem more fuzzy (or the answers more than five years old).
It is of course expected that for email protocols such as POP3 the client will need to submit the credentials off the device to authenticate with the service; this question is about whether they might get sent somewhere else as well, for whatever reason, and whether this can be controlled.