A security researcher has developed a proof-of-concept app that s in the Android Market now. Jon Oberheide, a security researcher, found that on devices running Android 2.0 and higher, he could access a special token on the device. The token, called the Android service token, is used in place of a username and password each time the Android handset asks permission from the Market server to install an application. In this way, he was able to have an application bypass the permission process that Android Market apps present when installing an app.
Source: https://threatpost.com/new-android-bug-allows-silent-malicious-app-installation-111010/74660/

