How does the Facebook Camera App know who I am the first time I go into it?

If you have the Facebook App on your iOS device, and you download the Facebook Camera App, the first time you go into Facebook Camera, you get:

Continue as David W.

(or whatever your name is)

In iOS, all apps are supposed to store documents under app-specific folders. There is a keychain for storing passwords and other credentials, but again, this is application-specific. I even found documentation explaining that although Safari can download certificates, they must be imported into particular apps. The idea is to sandbox each app, so a security issue in one app doesn't affect the security of the entire device.

So, how does the Facebook Camera app know who I am if it can't get data from the Facebook App itself, and can't use Facebook App's data from the keychain?


This was covered by MG Siegler over at Paris Lemon last week; the explanation of how it does it is here.

Basically, iOS provides its own Keychain functionality and if you know the Keychain key, then you can save and read data between apps that you write. In this case, the Facebook Camera app is reading data saved by the Facebook app.


As it turns out, apps can share keychain data with each other.

There is a thing called iOS Keychain and it makes sure you don't have to log in every time you open the Facebook app, for example.
And considering the fact that both the Facebook app and the Camera app are from the same company, I can imagine it shouldn't be too hard to exchange the stored password.

If you want more specific detail about how to use the iOS Keychain, I can recommend this tutorial.

But there seems to be more than meets the eye. Apps can even access some phone data, as described in this post. Some APIs of the iOS SDK aren't protected and can be accessed without any authentication (like the name of your iPhone, ...).
It's all a matter of cleverness :) And engineers at Facebook, Twitter, Foursquare, ... seem to be very good at it!
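
The keychain sharing both answers describe, sketched with the Security framework's keychain access groups. This is an added example, not code from either answer or from Facebook; the access group, service and account names are placeholders, and it assumes both apps are signed by the same developer and list the group under their keychain-access-groups entitlement.

```swift
import Foundation
import Security

// Placeholder values (assumptions, not taken from the page). The group must
// start with the developer's App ID prefix and appear in the
// keychain-access-groups entitlement of every app that shares the item.
let sharedGroup = "ABCDE12345.com.example.shared"
let service = "com.example.session"
let account = "current-user"

enum KeychainError: Error { case status(OSStatus) }

// Attributes that identify the shared item in both apps.
func baseQuery() -> [String: Any] {
    return [
        kSecClass as String: kSecClassGenericPassword,
        kSecAttrService as String: service,
        kSecAttrAccount as String: account,
        kSecAttrAccessGroup as String: sharedGroup,
    ]
}

// First app, after login: store the session token in the shared group.
func saveSharedToken(_ token: String) throws {
    let old = SecItemDelete(baseQuery() as CFDictionary)  // replace stale item
    guard old == errSecSuccess || old == errSecItemNotFound else {
        throw KeychainError.status(old)
    }
    var attrs = baseQuery()
    attrs[kSecValueData as String] = Data(token.utf8)
    attrs[kSecAttrAccessible as String] = kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly
    let status = SecItemAdd(attrs as CFDictionary, nil)
    guard status == errSecSuccess else { throw KeychainError.status(status) }
}

// Second app, on first launch: read the token the first app stored.
// An app without the entitlement for sharedGroup gets an error status
// here instead of the data; that check is what keeps other vendors out.
func loadSharedToken() throws -> String? {
    var query = baseQuery()
    query[kSecReturnData as String] = true
    query[kSecMatchLimit as String] = kSecMatchLimitOne
    var result: CFTypeRef?
    let status = SecItemCopyMatching(query as CFDictionary, &result)
    if status == errSecItemNotFound { return nil }  // nobody has logged in yet
    guard status == errSecSuccess else { throw KeychainError.status(status) }
    guard let data = result as? Data else { return nil }
    return String(data: data, encoding: .utf8)
}
```

The sandbox boundary still holds for everyone else: the system compares the item's access group with the entitlements in the calling app's code signature, so knowing the service and account names alone is not enough to read the item.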