I really wish mobile app developers (especially those from iOS) would look at the AccountManager on Android and actually use it. You only ever need to enter credentials once and the AccountManager will store them. Apps can ask for tokens from the AccountManager so they never get the actual password. And new apps can be installed that add themselves to the AccountManager list (eg Dropbox, LinkedIn, Skype etc do this). This is how it should work.
iOS drives me nuts. There was an old joke dialog years ago "Windows has detected that your mouse moved. You must reboot for this change to take effect." The contemporary version seems to be "iOS has detected you want to do something. You must enter a password (yet again) for this to happen." I can't understand why people are ok with this - your password should be long and hard to type and hence virtually impossible to enter on a mobile device.
You can always tell the iOS apps that were ported to Android because they have their own UI for asking for your account information instead of using the system. They also almost universally believe you only have one of a kind of account - eg only one Google account. Who doesn't have multiple ones these days (school, work, personal etc)?
Not sure if you're actually an Android developer but I just ran into this issue while working on an app: AccountManager isn't really meant to be used as a standalone password store, it needs to be hooked into a SyncAdapter & ContentProvider in order to function properly. (http://stackoverflow.com/a/8614699/188197)
Its purpose is to allow the system-wide SyncManager to manage syncing data to/from a web service in the background. But if your goal is just to store user credentials somewhere, it's not necessarily the right place to do so, which is why I imagine some apps choose not to use it.
I am an Android developer amongst others. Note that the SyncAdapter/ContentProvider etc don't actually have to do anything. And more to the point the writing of that code is the problem of whoever is providing the service.
As an example the GitHub app that came out the other day did things right and installs itself with AccountManager. That means any app can now authenticate against GitHub without needing its own code.
I will admit that it isn't trivial to add your own stuff to AccountManager, but the important part is that it only has to be coded by that provider once (GitHub in the above example) not by every single app that wants to use it.
What are some cases where you've been asked for a password in an iOS app? I've only ever seen this for initial login with like facebook or instagram, and when updating apps (very annoying, I agree).
The iPad browser is a trainwreck in this regard. Not only doesn't it support LastPass or 1Password. It also utterly fails to remember passwords that were painfully entered manually.
For most sites it simply doesn't recognize the login at all. On some sites it works intermittently, often forgetting the password for no reason or the auto-fill not working reliably.
And don't get me started on HTTP-Auth. You can save those sites (by making a bookmark) but you get a phishing warning every single time you access it.
I have pretty much abandoned the iPad for browsing for this reason. The only time I fire it up is to look up a movie on Rotten Tomatoes.
I'm still bitter this device was pitched to me as "the internet in your hands". It's not up to the task. Not even close.
Only problem I have with AppStore is that it requires my password for free downloads. Paid download? Hell yes, require my password if I haven't typed it in for 15 minutes.
I have kids. I'm happy they _always_ ask for a password... Free apps can be malicious, e.g. giving away location to parties unknown. But still you're right - this could be an option users can decide.
This is part of a deeper problem with most mobile OSes.
I might give my phone to somebody so they can make a quick call or look something up online.
However, I don't really want them being able to dig through my history or be automatically logged into my email etc.
If I had a child I'd want to be able to let them use my phone but only in a special mode that allowed access to a limited number of whitelisted websites & apps.
I'd like my phone to offer a few different "shells" of access:
- Emergency calls.
- "Share" or "play" mode. Selected photos or apps.
- "Mobile" -- ready access to stuff I need, but not distractions (the "Car Panel" on some Android phones is somewhat like this, but I'd appreciate if it didn't encourage use while driving).
- "Full" complete and potentially immersive access.
There are currently a few projects ongoing with enabling VMs on smartphones. The way it was thought is that you would put your corporate stuff on a protected VM that would have no external app install, and the rest (games, social networks...) would be on the "fun" VM. That way, the company data would be better protected.
The good thing about the AppStore password timing out after 15 minutes is that you can hand your child the iPad/iPhone/etc. and not get a surprise $5,000 iTunes bill.
This is confusing authentication and authorization. Is this phone legitimately tied to this Apple ID? Yes. Is the owner of the account authorized to make such a purchase? No.
A short appstore PIN could solve this much more easily.
I'm not so sure having _yet another_ PIN for users to remember would be a good idea. And besides, a short PIN would be far easier to deduce by looking over a person's shoulder.
Yeah, it's configurable between "Demand my password again if 15 minutes has passed" and "Demand my password again immediately." You can tell you're going in the wrong direction when you first have to "enable restrictions" hoping to relax the restriction. I take it you've never actually tried to configure this option.
It depends on the app but at least in the areas I work (business apps relating to tracking money) I wouldn't assume that device authentication is sufficient.
But for biometrics, keep in mind that biometric systems are currently seen as the most subject to false positives of any authentication system out there with the possible exception of improperly maintained and insufficiently strong passwords.
How about each Google app I install? Or any app that has Dropbox integration? Or Trello. Pretty much every app is an island and doesn't know that you have already entered your username and password numerous times in other apps.
>The vast majority of Google account holders only have one account
As Google Apps for business and schools becomes more and more popular, this becomes more and more wrong. Tons of non-technical people have a personal Gmail account and a school/work one.
Over time people are far more likely to accumulate more accounts. The longer someone has been on the net the more accounts they are likely to have. Making life difficult for this group of people doesn't seem sensible.
Note one statistic: Later, we did an analysis of the retailer's database, only to discover 45% of all customers had multiple registrations in the system, some as many as 10.
That puts the order of magnitude of people having more than one account around half. That of course doesn't mean that people have multiple Google accounts, just multiple accounts but Google is becoming increasingly pervasive being the email provider for companies, universities, organisations etc.
http://developer.android.com/reference/android/accounts/Acco...