Steam client on Android is pure genius. Almost.

TL;DR: It is impossible to log in to the Steam services with the Android Steam app using only that phone the app is on (until a fix arrives).

The Steam client on Android has two security features built in it.

One of them you might already know.
If you try to authenticate into Steam from a computer/browser where you have never before logged in, Steam will not let you in immediately, but first it will ask a security code. Behind the scenes Steam sends this security code to the current email address in your Steam profile. You have to access that email, read the code and provide it to the login form (which awaits your input).

This feature is very useful. If someone were to get your Steam credentials, he/she cannot log in, as they won’t have access to your email service where the security code arrives.

The second feature is mobile phone specific.

If you download the Steam client, go to the login page, and for some reason you leave the login page in any state, username/password entered or not, and later you return to the Steam app, every field on the login form is cleared and you need to reenter it.

These two security measures combined is the most fantastic, evar.

If you try to log in with the Steam client for the first time on an Android phone and you enter your username/password, Steam’s superb “new-browser” defense mechanism kicks in. The Steam client will ask for the security code. To take a look at the security code, you have to change to Gmail (or whatever mail client) app and read the email. So when you return to the Steam app, the second “clear-the-form” feature kicks in, and the login form is cleared.

What happened to QA?