Android One-Click Google Apps Access Cracked
A weblogin token allows an Android user to log into a desired Google service in lieu of having to enter a password. Accordingly, any attacker able to obtain a user's token could access any Google service that the Android device is configured to use.
Hidden Android feature allows users to fine tune app permissions
Researchers find trojanized banking app that exploits critical Android bug
Android's One-Click Google Auth Is a Buffet for Hackers