Using the latest version of the Android app, 2025.2.0 (19883), I noticed the following security weakness with default settings:
Behavior: Start typing your passphrase or PIN to unlock your vault. Let the app go out of focus (i.e. chat some, browse some news or something in another app).
Go back to the Bitwarden app. The partial or full password/PIN will be available for reading or inspection.
Expected secure behavior: The password/PIN should be removed when the app goes out of focus to prevent a user security lapse - or, if this is not possible on Android/iOS, when it regains focus. An attacker might be able to deduce the full passphrase/PIN with just part of it.
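
The expected behavior described above, as an added example for a plain Android `Activity`; it is not part of the original post and not Bitwarden's code. The class name, package, layout and view id (`UnlockActivity`, `activity_unlock`, `unlock_input`) are hypothetical.

```kotlin
package com.example.unlock // hypothetical package

import android.app.Activity
import android.os.Bundle
import android.text.method.PasswordTransformationMethod
import android.widget.EditText

class UnlockActivity : Activity() {

    private lateinit var unlockInput: EditText

    override fun onCreate(savedInstanceState: Bundle?) {
        super.onCreate(savedInstanceState)
        setContentView(R.layout.activity_unlock)       // hypothetical layout
        unlockInput = findViewById(R.id.unlock_input)  // hypothetical view id
    }

    // onStop runs once the activity is no longer visible (user switched apps,
    // pressed Home, screen turned off). onPause would also fire while the
    // window is still on screen, e.g. in multi-window mode.
    override fun onStop() {
        super.onStop()
        // A rotation or other configuration change also passes through onStop,
        // but the user has not left the app, so keep the input in that case.
        if (!isChangingConfigurations) {
            discardPartialSecret()
        }
    }

    // Fallback for the "when it regains focus" case: onRestart runs when a
    // stopped activity is brought back, before it becomes visible again.
    override fun onRestart() {
        super.onRestart()
        discardPartialSecret()
    }

    private fun discardPartialSecret() {
        // Remove whatever part of the passphrase/PIN was typed so far.
        unlockInput.text.clear()
        // If a "show password" toggle had revealed the text, go back to masked.
        unlockInput.transformationMethod = PasswordTransformationMethod.getInstance()
    }
}
```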