Chris left a great link that can help. Have you given that a shot to see if that helps? Please let us know.
The error means that the t-mobile app tries to pass your personal information in clear text with http instead of encrypted with https.
Recent versions of Android do not allow that.
Starting with Android 9 (API level 28), cleartext support is disabled, and apps must request it explicitly in their AndroidManifest.xml, but the better solution is changing http to https, probably just a few minutes of editing in the app source code and then rebuilding.
If you look at the full error text in the t-mobile app, it shows a URL starting http: instead of https:
Android 9 has been out since August 2018 (almost a year and a half ago), and Android 10 is out already.
Wiping your cache (as suggested above) will not help. The problem is the app, not your phone.
Thank you. Oddly enough it has corrected itself after several weeks and I did nothing.