With version 4.3, Android increased the security of the operating system dramatically. Since this version, it is possible to use a Keystore. Keystore gives the ability to securely create and store keys for encryption without always asking the user for credentials. We use this mechanism to store WebDAV credentials on Android 4.3+ devices. On devices running Android 4.1 and 4.2, WebDAV credentials are stored unencrypted.
We recommend to update your phone to the latest Android version (at least 4.3 if possible). We advise to not use Cryptomator with WebDAV on devices running Android 4.1 or 4.2.
We may solve this in the future by asking for the password each time a vault is unlocked but currently other issues have higher priority.
For more information, read this blog post.