A single mobile device/tablet may have different owners during its lifetime. Conventionally, a user is linked to a service provider by a user account created by the user. The user account is used by service providers to install applications within the device. The user is identified/authenticated on the device itself, at the rich execution environment (REE) level of the operating system (OS) of the device, and credentials are exchanged with the service provider back-end infrastructure to facilitate authentication of the user.