On of the scenario is wherein the backend component is vulnerable and allows to send redirects to Android frontend the frontend would be performing the redirection and along with redirection the sensitive headers would also be transmitted

One of such cases could be HTTP Request Smuggling which could allow smuggling of a HTTP request within a HTTP request. The smuggled request would reach to the internal microservice/app server. Since the internal microservice/app server is usually not meant to handle such request because of sufficient filtering at Gateway/DMZ Server it would send a redirect response. The response when acknowledged at frontend would lead to exfiltration of sensitive data.