Numerous Android applications supposedly intended to secure smartphone users' privacy and security actually contain spyware and other forms of malware, researchers have warned.
A study by researchers in the US and Australia (PDF) has found that a large number of Android virtual private networking (VPN) apps are completely insecure and may even contain malicious code.
A report on the Australian ABC news site claims that of the 283 apps analysed by the researchers, 38 per cent contained malware or malvertising. One in five didn't even encrypt traffic, as advertised.
"The findings are alarming and showing some very, very serious security and privacy issues," said one the the Australian researchers, Dr Dali Kaafar.
"If they embed some malware that means that particular malware can see all the other traffic that is originating from your device. Your [usernames and passwords] can be seen by this particular app and that's a very critical, very sensitive security issue."
Kaafar does not have much good to say about the VPNs that are out there, and was particularly appalled at the lack of encryption. That's a huge security hole to not be encrypting that traffic," he said.
"Consider that as your network being completely naked out in the wild so everyone can see it if you're sending on the internet or when you're connecting to a hotspot WiFi."
A list of the 10 "worst" providers includes five that are no longer active, but the remaining ones have been downloaded at least a million times. That one is called One Click and, astonishingly, has a ranking on Google Play of 4.3 out of a possible five.
The other named apps are Betternet, CrossVPN, Archie VPN, and Fast Secure Payment. You have been warned.
The security pitfalls of Android have been well-known for many years, with Android devices estimated to be 100 times more likely to contract malware than a rival device running Apple's iOS operating system - largely thanks to Apple's iron-fisted control over its ecosystem.
Mark Vartanyan was working for Norwegian e-healthcare firm Dignio when he was arrested
Samsung can't see a way to profitably compete against Amazon and Google
Fix being rushed out - but not quite as quickly as an ambulance to an emergency
Massive miner Rio Tinto claims 20 per cent of pit-to-port train kilometres in Australia are now driverless
Rio Tinto today, TfL tomorrow?