Seems that a rogue Android app can get more privileges than it deserves simply by saying that someone trustworthy has vouched for it. It’s been dubbed the “FakeID” hole…
Naked Security – Sophos