One way to implement the second scenario is to implement your own class that inherits the application and specify it in your manifest. You can put your static variables in this class. Android will create one instance of this class when it starts your process, and this instance will be alive until the process is alive.
So, if you have a simple logical class in this class that indicates whether the signin action has been performed, now you have a reliable way to check at any time whether you should direct the user to login activity or try to use the username / password .
In addition, you can use one of the standard Android persistence components (shared preferences file, SQLLite, AccountManager, OBB, credential storage, etc.) to save credentials when the process restarts. However, please note that this raises a number of problems related to how to properly protect the saved copy of the user credentials in order to protect it from unauthorized access by other applications (especially on root phones).