There are some attempts to use OAuth. Twitter has XAuth (I forget how broken it is, and it might still be in beta). There’s also Facebook Connect. They’re all broken.

There are two main problems:

• There’s no trusted UI except the web browser (and it’s not hard to write a similar-looking “fake browser”). Involving the web browser is clunky, and I’m not sure the browser can launch apps on Android.
• There’s no accountability, because any app can pretend to be any other app. Any secrets you embed in the app aren’t going to be that secret. (I personally think this is more of a UI issue.)

I can think of one half-decent solution: Have an official Google Account app. On Android, you launch it as an activity and it gives you an auth token when it finishes. On iOS, you’d do the same thing with URLs. I’m not sure how it’d works on WP7 or BB.

This solves the first problem because the user is expected to be already logged in, and the second problem because you’re generally provided with some identifier of the app that started you. (Well, it solves the problem for users who don’t enter their password into random apps.)