How do popular apps authenticate user requests from their mobile app to their server?

Question

Say I have an Android application that connects to a .Net API for receiving/setting data. The confusion that I have is regarding how to sign-up/login the user first time and

Answer 1

Basically these famous use OAuth protocol (1)/ framework (2). Even though it has to be a standard, each of these had different implementations of this protocol/framework. So we have to be very careful when it comes to integration.

Example: Dropbox still uses OAuth 1 and recently came up with OAuth 2 support.

Back to Answer, As, peterpan stated, its is a token based way of authentication is one time thing and out of the equation.These tokens are expired or that power is given to the developer in some cases.

The interesting thing behind this is that, resource access scope can be defined rather than allowing the client application to keep the user names, passwords which is dangerous.

This is the basic illustration of how this works.

I will update the answer after I get more details on this, since I am working in this area these days :)