Hackers have been uncovering a lot of Android security holes lately, including one vulnerability that lets hackers turn legitimate Android apps into malware and another that has given the FBI the ability to remotely flip on Android phones’ microphones to record conversations. Now IDG News, via PCWorld, reports that a security researcher at the Defcon security conference in Las Vegas this weekend showed off a new Android exploit that uses Google’s one-click authentication feature to steal users’ passwords. As IDG News.writes, Tripwire researcher Craig Young has created “a proof-of-concept rogue app that can steal weblogin tokens and send them back to an attacker who can then use them in a Web browser to impersonate a victim on Google Apps, Gmail,

More... (http://news.yahoo.com/android-latest-security-snafu-one-click-authentication-lets-164557890.html)