Hey I'm with you, it is lacking right now if you're using generic apps. We (SecureAuth) can protect and federate identities into native mobile apps all day long (<a href="https://mobile.gosecureauth.com/." rel="nofollow">https://mobile.gosecureauth.com/.</a>) We even help companies do SSO into native mobile apps with technologies like NFC where we tie it to an enterprise datastore.
But like you said, the issue comes into play when customers of ours like GSA and Unisys don't just use custom mobile apps but rather want to assert an enterprise identity into a generic mobile app like box, dropbox or SAP BI.
These don't really allow you to programmatically assert that identity into it (yet?). An awesome example would be after validation of your identity we asserted that identity into the url scheme like 'box://store&UserID=variable&SessionID=123'.
Here's a picture of how SecureAuth deals with mobile apps right now though <a href="http://i.imgur.com/uHfRUoI.png" rel="nofollow">http://i.imgur.com/uHfRUoI.png</a>