Avoid GUI Objects Caching

Android retains application screens in memory, and multitasking can result in the retention of an entire application in memory (even if the user logs out of their account). This allows an attacker that finds or steals a device to navigate directly to retained screens, which may include sensitive user data as part of the GUI. For example, if a user logs-out of a banking app but doesn’t quit or close the app, a screen displaying transaction activity may be retained and viewable to an attacker.

Quit the app entirely when the user logs out. While it’s against Android design principles to quit your own app, it’s far more secure because quitting the app will destroy any retained GUI screens.

M1 - Improper Platform Usage