I got a new phone. I figured this would be easy: just install Joplin on the phone and sync. I know the drill: all the data downloads to the phone, then the master key is used to decrypt.
It didn't go that way. To my surprise, data started decrypting immediately. I figure Google cloud backup had a copy of my Android's decryption key. That's not good. That shouldn't be backed up without explicit consent. Nonetheless, I let it continue.
Am I not allowed to let my Desktop Joplin auto-sync during this process? Somehow, Joplin decided to turn encryption off. I noticed the desktop client starting to re-sync a lot of items. "That's not right", I thought. Shouldn't it only be syncing the "Welcome" materials from mobile? Instead, it appeared to be syncing everything. I went into Desktop encryption settings and found it Disabled.
TLDR: somehow my setting up Joplin on a new phone triggered the whole app to decrypt the sync target.