Android VPN software riddled with virus, spyware and other malware

Even worse: many don't even encrypt traffic, as advertised

Android software supposedly intended to secure smartphone users' privacy and security frequently contains spyware and other forms of malware, researchers have warned.

A study by researchers in the US and Australia (PDF) has found that a large number of Android virtual private networking (VPN) apps are completely insecure and may even contain malicious code.

A report on the Australian ABC news site claims that of the 283 apps analysed by the researchers, 38 per cent contained malware or malvertising. One in five didn't even encrypt traffic, as advertised.

"The findings are alarming and showing some very, very serious security and privacy issues," said one the the Australian researchers, Dr Dali Kaafar.

"If they embed some malware that means that particular malware can see all the other traffic that is originating from your device. Your [usernames and passwords] can be seen by this particular app and that's a very critical, very sensitive security issue."

Kaafar does not have much good to say about the VPNs that are out there, and was particularly appalled at the lack of encryption. That's a huge security hole to not be encrypting that traffic," he said.

"Consider that as your network being completely naked out in the wild so everyone can see it if you're sending on the internet or when you're connecting to a hotspot WiFi."

A list of the 10 "worst" providers includes five that are no longer active, but the remaining ones have been downloaded at least a million times. That one is called One Click and, astonishingly, has a ranking on Google Play of 4.3 out of a possible five.

The other named apps are Betternet, CrossVPN, Archie VPN, and Fast Secure Payment. You have been warned.

The security pitfalls of Android have been well-known for many years, with Android devices estimated to be 100 times more likely to contract malware than a rival device running Apple's iOS operating system - largely thanks to Apple's iron-fisted control over its ecosystem.