I am actually preparing to release an app using the device google account to authenticate on Google App Engine server.

To do that, I need those permissions :

• USE_CREDENTIALS : obviously
• INTERNET : obviously
• GET_ACCOUNTS : to ask the user to select one of the google accounts registered on his phone.

My problem is with GET_ACCOUNTS : I think it’s quite intrusive to ask this permission along with INTERNET : I would be able to get all his accounts (google, facebook, etc…) and send them to my server (I won’t do that of course !). But I fear this permission may scare users, and they may not download my app…

I had the idea to report this permission to an other app, which wouldn’t have INTERNET permission. This app would be called with an intent, and return only the account chosen by the user. And then, my main app don’t need GET_ACCOUNTS anymore.

The source code is there : http://code.google.com/p/account-chooser/
It’s quite simple (only one screen)

To send an intent to this app I use a utility library like IntentIntegrator from ZXing. If my “account chooser” app is not present on the device, it asks the user to download it from market.

What do you think about that ? Is it a good idea ? Am I right to bother the user with downloading a mysterious app he may not understand the usefulness ? Or should I just use GET_ACCOUNTS permission in my main app without questionning myself about privacy ?