3

I'm trying to create an AccountAuthenticator to be used with multiple of our apps (so one account in the system-settings used by multiple apps). Just like all Google-apps use the same account on the system.

The problem is: How can I set it up that only one app (we don't know which it will be) needs to be installed and when a second app gets installed, it can just re-use an existing account?

I've created my AccountAuthenticator using this tutorial and embedded into a library-project which gets included in all our apps. This works fine when only one app is installed.

As soon as a second app gets installed and the user tries to login, the system shows the intent-chooser dialog where he can pick both of our apps (because they both use the same authenticator-library with the same intent-filter). This should be the problem as well here (but I havn't verified it yet).

With some research you'll stumble across sharedUserId and this tutorial. But this "solution" has the problem, that you need some kind of always-first-installed app with the authenticator in it. Plus, with the new Google Play App Signing a sharedUserId seems impossible because every app will be signed with a different signature.

There might be a way to grant other apps access to the authenticator but there's still the problem that the authenticator-app needs to be installed first (as suggested here).

How can I solve this? How can I share an AccountAuthenticator with multiple apps without installing an app holding it first? How does Google do it? Do they have their authenticator in the Play Services?

Phantômaxx
  • 37,901
  • 21
  • 84
  • 115
hardysim
  • 2,756
  • 2
  • 25
  • 52

1 Answers1

2

Google Play App signing allows you to re-use the same signature across multiple apps, for precisely this sort of problem.

Just choose "Reuse signing key" when you see this screen: image link

Nick Fortescue
  • 13,530
  • 1
  • 31
  • 37
  • Hmm, maybe this would have been an option. But I'm beyond this step and I think I'm not be able to get this screen again. Any more ideas? – hardysim Mar 01 '18 at 13:12
  • That's all you can do if you need the same signing key. You could contact developer support on the Play Console to see if they can change your choice. If not, you could always republish the app with a different package name and get the signing key right this time, if you don't have any users yet. – Nick Fortescue Mar 01 '18 at 17:42
  • Hmm OK, that's for the use of `sharedUserId`. Is there any other way to get this working? I think even when using the same `sharedUserId` there would be still the intent-chooser, right? How does Google do it? Do I need to use an app holding the authenticator and make sure it's installed first? – hardysim Mar 02 '18 at 07:19
  • I just tested a new app on the Play Store and I was able to *reuse* the existing app signing key from my other app. So there *is* a way to have all new apps using the same key even when not having the key which google has created in the past (and they won't give it to you). – hardysim Jun 14 '18 at 09:20
  • @hardysim Since one of the links is not working in the question, I wanted to ask a question - Is it necessary for 2 apps to be signed with the same signature in order to use the same account in AccountManager? Also, sharedUserId has been deprecated. – BATMAN May 30 '21 at 21:44
  • I'm not sure if this is still possible if `sharedUserId` is deprecated now. AFAIK, an AccountManager can be used by totally different apps and can even check the signatures by itself (to allow only some apps). Using the same sharedUserId just makes it easier for "own" apps I think. – hardysim May 31 '21 at 10:51
  • @hardysim, I have an SDK. I am facing similar issue. I cannot retrieve my account from an app installled from a second PC due to Signature also I cannot have same signature or sharedID because of my SDK being integrated in other apps. Do you have any suggestions? https://stackoverflow.com/questions/71120775/android-account-manager-not-detecting-package-type – Preet Patel Feb 21 '22 at 08:33
  • I'm not sure if apps from a different publisher (with a different signature) are able to access an account. It might be not possible (and designed like that for security). I've never seen a third party app using a google, facebook, etc. account - they always use a (webview-)oauth flow and store the tokens themselves I guess. – hardysim Feb 22 '22 at 09:21