Android AccountManager across apps: uninstalling the first app that registered the account causes the account to be deleted?

Question

What we want to achieve: cross app single sign on

We have 2 apps (app A and app B) that we would like to share the same user account. That is, when a user logs into app A, they will be automatically logged in app B, and the other way around.

What we have done

We created a custom authenticator (extending AbstractAccountAuthenticator etc) to retrieve auth tokens from our service to ensure users are logged into our apps.

We pulled the authenticator into two different apps (app A and app B) that we wanted to share accounts.

We installed app A, and signed in. Then we installed app B, and saw that we were automatically signed in. Yay!

HOWEVER, when we then uninstalled app A (the first app we installed) we saw the following message:

03-20 16:43:27.057 862-862/? W/AccountManagerService: deleting account [email protected] because type com.example.app.a's registered authenticator no longer exist.

and saw that we'd be signed out of app B, and the account had disappeared from accounts.

The question is: Is the only registered account authenticator the first one that is installed? Is there no way of falling back to the account authenticator in app B if app A is uninstalled?

(fyi: we've seen that setting a sharedUserId solves this problem, but our apps are currently live so changing their userId is not an option)

Answer 1

You may want to explore a solution suggested by Google in this article, which consists in distributing your authenticator as a separate APK:

If only one app will ever access the [account] service, then this isn't a big deal—just bundle the service in the app. But if you want your account service to be used by more than one app, things get trickier. You don't want to bundle the service with all of your apps and have multiple copies of it taking up space on your user's device.

One solution is to place the service in one small, special-purpose APK. When an app wishes to use your custom account type, it can check the device to see if your custom account service is available. If not, it can direct the user to Google Play to download the service. This may seem like a great deal of trouble at first, but compared with the alternative of re-entering credentials for every app that uses your custom account, it's refreshingly easy.

The authenticator APK will not be automatically uninstalled when your user uninstalls your apps A and/or B. This means that your users may be already authenticated if they decide to reinstall your app(s). This may or may not be desirable, since it puts the burden on your users to remember to uninstall the authenticator after uninstalling your apps.