Android apps can never exfiltrate each other's secrets using the secret manager. Even while the apps are running. Same goes for iOS apps. You can maybe trick them into leaking their session tokens using weird browser exploits, but it's entirely up to the app developer to make that happen.

Windows' Credential Guard (https://learn.microsoft.com/en-us/windows/security/identity-...) is explicitly designed against the "dump all secrets while the system is running" approach.

Even Mimikatz requires exploiting design vulnerabilities and requires administrator access.

If you can break the kernel and all the safeguards the kernel has against secret exfiltration, you may be able to decrypt data from other applications, but it's not like on Linux enviroments where any application running as any standard user can dump the entire credential database by just asking.