While enterprise services usually employ PKI for user authentication, most publicly available online services rely on passwords to authenticate their users. However, typing complex passwords on a touch screen mobile device multiple times a day for different sites is not a very pleasant exercise.

In an effort to improve the user experience when accessing online services, Android provides a centralized registry of user accounts that can cache and reuse credentials. This account registry can be accessed by third-party applications, allowing them to access web services on behalf of the device user without the need for apps to handle passwords directly. In this chapter, we discuss how Android manages a user’s online ...