The security flaw here is that there aren't any access controls, not that they use the same symmetric key everywhere for local storage. Even if they store the logs in plaintext, other apps should not be able to read those logs.