It is often noted that developers do not intend to leak any sensitive information, but there are chances that some confidential information could be stored in the device log files, which means that an app installed on the device can read any information that is passed by our target app.
The following screenshot from adb logcat
demonstrates that the password of Sieve is logged in plaintext. This information might include
personally identifiable information (PII), credit card details, and other confidential information. This type of vulnerability in the app is classified under the M4-Unintended Data Leakage subsection of the OWASP mobile top 10 risks section (Chapter 1, The Mobile Application Security Landscape).