I use GReader (link) to read my RSS feeds from Google Reader on my Android tablet. Though, I have never registered an account on it and it is still able to read my Google account data. Two questions pop to mind:
How is it authenticating me?
How safe is this authentication? Can the developer of GReader get hold of my password?
Thanks
Since you usually have to add your Google account to an Android phone in order to use it, chances are GReader (like GMail) hook into that account using AccountManager or a different part of the API.
Check out this other question for a bit of code showing how you can grab the logged in user's account name (if you have the GET_ACCOUNTS permission in your manifest).
I can't speak to how secure this authentication is (as I'm not sure what the actual mechanism for authenticating with Google's servers is, but it's probably OAuth) but since you have to get that permission, you can at least check applications on the Market for whether they may do something to your user account.
Note that you can have multiple accounts on an Android phone so it's best to let the user choose if there's a potential for getting the wrong account.
