A security researcher says a single sign-on feature for Google Android devices can lead an attacker to compromise an entire organization via its Google Apps domain. The weak link is the so-called “weblogin” token used by Android to allow users to sign on once for all Google services. Young says a bad guy can access an Android user’s weblogin or token, using a root exploit or rigged app. Google as of this posting had not responded to a request for comment on Young’s research.

