I have two apps that both log in to the same system but they have separate functions and may not both be installed at the same time. I can sign the two apps with the same signature no problem, even make them run in the same process.

How can I store the login cookie (among other things) in such a way that it is shared by both apps and still be secured from unknown apps?

Shared user ID should get you access to each other's private storage, you would just need to figure out if the other was already installed, figure out the absolute path to its private storage and then look and see if it had the cookie. Hopefully you won't starve at the table of philosophers.

Err... what's it called... a data provider? Nope. I'm getting "Service" and "Content Provider" mixed up.

Put both apps and the login service in the same process. Either app should be able to start the service or query it for session info and anything else you might want to put there.

Alternatively, you can put all that information into a shared database.

The login dialog itself probably has to be an activity, and I'm not sure if you can have an activity within a service. You may need duplicate login screens in your apps that could then pass the session data to your service for sharing purposes.

I'm not sure if the service would have to be a separate install, or something that could be bundled with both apps.

Here's a good solution:

What's the best way to do "application settings" in Android?

Since you want to share this between two applications, regardless of the way you want to implement it, don't forget that this will be visible to all applications. You may want to encrypt your password or session ID. Here's an example:

http://android.voxisland.com/code_examples/How_to_encrypt_and_decrypt_strings.rhtml

Good luck!