Apple says that apps must use TLS encryption for iOS 9.0 and later, so I don't know how this app is even usable anymore.
Storing passwords without encryption is unacceptable for any app, according to the OWASP https://github.com/OWASP/owasp-masvs, specifically, this item:
2.1 MSTG-STORAGE-1: System credential storage facilities need to be used to store sensitive data, such as PII, user credentials or cryptographic keys.The Mobile Top 10 2016-M4-Insecure Authentication explanation says:
"...mobile applications should never store a user’s password on the device; Ideally, mobile applications should utilize a device-specific authentication token..."In 2018, the German chat platform Knuddels.de was fined €20,000 for storing user passwords in plain text.
No HTTPS connections should be possible through the proxy.
Here's the app:
The network traffic sent all the data with no encryption over the Internet: