What protects Android AccountManager passwords from being read by other apps?

Question

I\'m writing 1) an app that stores a username and password in the AccountManager, and 2) a separate background Service app that accesses those credentials to login to my servers

Answer 1

Account data protection is based on the Linux user id (UID) of the process making the request. (See Security and Permissions in the guide.) Each account is associated with an account authenticator (that has a UID), and the process calling getPassword (or several other methods) must have the same UID as the authenticator.