So you want to heed the advice of security experts and keep your transactions private when on WiFi by using a VPN?  Great idea – but perhaps be careful which VPN you choose, as Aussie research has shown a staggering flaw in large numbers of VPN apps available for Android in the Google Play Store.

First rule of Android security – install apps from the Google Play Store.

Second rule of Android security – trust no-one.

The CSIRO’s Data61 unit, along with the University of New South Wales, International Computer Science Institute and University of Berkeley have conducted some pretty deep analysis into the privacy and security risks of almost 300 Android VPN-based apps.

One would hope this would give a sense of assurance to users.  Nope. Not one bit.

Of the 283 apps studied, 38% revealed malware or malvertising presence.

But it’s not just about shonky ads and software, 84% of the apps leak users traffic, and get this – wait for it – 18% of the apps don’t even encrypt any of the traffic.

You know those messages you get to accept permissions when you download an Android app?  80% of the apps tested requested access to sensitive data like your user accounts and text messages – neither of which are required to run a VPN.

Everyone running for the hills now?  Nope.  Less than 1% of users of these apps had any security or privacy concern about them.  Great.  Just Great.

Key rule in choosing a VPN service, if it’s free it’s no good, if it’s to good to be true walk away.