I have implemented an account manager in Android and I use peekAuthToken a lot inside the application to get a token.
But I'm a little confused in the source code, in the docs, it says:
Designed for use by the authenticator, and not directly by applications.
Why is this, and what will be the problem of using this method to get authToken?
peekAuthToken internally verifies that the two uids are equal before providing the auth token:
peekAuthToken
If the uids are different, you will get a SecurityException.
In other words, if you send the authentication service along with the rest of your application, you should be fine. (Although I still recommend using getAuthToken instead). However, if you send the authenticator in one application and want to call peekAuthToken in another, this will not work.
getAuthToken
https://github.com/android/platform_frameworks_base/blob/4535e11fb7010f2b104d3f8b3954407b9f330e0f/services/core/java/com/android/server/accounts/AccountManagerService.java#L1544