ShmooCon 2011: Your Android's dirty little secret

30.01.2011
Presenters at the ShmooCon security conference have spent much in the last couple of years, and several attendees this year say it's a topic of major importance to them.

Last year, a talk focused on . This year, two researchers have targeted all their firepower on the Android.

In this morning's presentation, Jon Oberheide, CTO of Duo Security, and Zach Lanier, a senior consultant with the Intrepidus Group who specializes in network and web application penetration testing, walked attendees at ShmooCon 2011 through a series of weaknesses they discovered in the device at the kernel, platform and application levels.

Among their findings:

Android gives third-party applications permissions that are easy to hijack, they said. Writing a proof-of-concept disguised as the increasingly popular game, they were able to bypass the permission approval process and steal the authentication token from the Android AccountManager.

The talk was a sequel of sorts to one Lanier and fellow Intrepidus researcher Mike Zusman gave at the last fall.