Android has always operated as a connected operating system. It feels almost alive in the course of daily use as tweets and emails flow into the phone. Your contacts remain synced with various services in the cloud and apps remember your login info. All this data synchronization requires a fairly complicated set of logins and account management behind the scenes.
Developers have the option of working within the Android operating system to manage credentials, or rolling their own solution. So let’s talk about how accounts and logins are managed on Android devices.
This is the principal feature of Android account management, and the first brush most users will have with Google’s attempts at a single sign on. When you start up an Android device it will ask for your Google account information. These credentials are stored in the Android Account Manager (more on that later) where you can take advantage of sync settings.
Over time, more and more services have been added to the Google account. There was a day when it was just Gmail, Calendar, and Contacts. Now you also have the option to sync Docs, Reader, Music, Books, and Picasa. These can all be toggled on and off individually. No other account has such extensive synchronization options.
The Google account, while having the distinction of being requested as the phone starts up, works within the same account management system as other apps do. Any developer can take advantage of the integrated account manager.
Android Account Manager
The Android Account Manager is available for your perusal in the Android system settings under the Accounts & Sync label. Here you can see the accounts that are plugged into the Android OS for synchronization of their data. If you click though, you will see each app has different checkboxes, but most are limited to Data and Contacts.
Some third party apps that use the Android Account Manager include Twitter, Last.FM, Facebook, and Skype. The Android Account Manager is basically an API available to Android developers that makes use of the OAuth protocol. Developers have to jump through some hoops to get their app to display in Accounts & Sync, but the first step is adding the AUTHENTICATE_ACCOUNTS permission to the manifest file for the app.
The app will need a login screen which can be handled by the Authentication Manager, or by the app itself. This process will reach out to the online service and use OAuth to generate an AUTH TOKEN which will be cached on the device. Thus, the application can access data through the Android Account Manager. The AUTH TOKEN will eventually expire, and Google just tweaked how this process works due to security concerns
Once the service lives in the Account manager, a developer just needs to decide on sync providers. Android allows for Contacts, Data, as well as a custom source of data (for example, status updates). This is what generates those checkboxes for toggling off individual data sources.
The process above is the general process for an app that is adding itself to the Accounts & Sync menu. A separate app can also request the AUTH TOKEN from someone else’s service. A common example of this is an app that requests access to your Google account via the Google Apps Engine. This is a handy way for an app or service to avoid having its own set of login credentials to manage.
The other way that an app might choose to manage accounts on Android is much simpler, and exists outside the Android Account Manager. It is possible to just store login credentials locally in app data. Many games and simple online services work in this way. Services like OpenFeint provide a separate API for developers to access their system via various apps. An app like Dropbox just stores login data on its own. Apps like this do not rely on the sync features of the Android Account Manager, so there is less reason to use it.
If you check out the application management interface for an app, you will see a line listing the amount of data it stores. This is where the account information of many apps is stored. If you clear this, you can go back to the app and log in as if it were the first time. A service that uses the integrated account management will still remember who you are if you clear its data thanks to the OAuth token stored by Accounts and Sync. You need to log back in, but the Sync settings will remain.
Why this is cool
The way Android handles account management is one of the things we really dig about the platform. Google has given developers the necessary APIs to hook into contacts and sync settings fairly easily.
When you check out your contact list, images are updated and you can see social networking status updates. The popup contact list even links you right to the services ties to your contacts. On a platform like iOS, this sort of access is tightly controlled (Twitter was just integrated in iOS 5). We much prefer having apps work within the system Google has provided to make the phone feel like a more connected device.