feel sadly vindicated for never having accepted my Android phone as a secure computing device. This post written by a Tor developer, provides a long list of problems, some of which are really not easy to patch, some of which are just egregious, for example:
"Anyone who is able to gain access to your Google account can silently install root or full permission apps without any user interaction what-so-ever."
That would probably include a long list of people who work at Google, and any one of them under the coercion and gag order of the NSA. Google never has been a friend of privacy, and their design of Android shows it. I would guesstimate that a nominally Open Source Android device is no more secure then a comparable Apple device, which is really a missed opportunity. (Still a lot cheaper though.)
On the bright side, this post lists some simple things one can do to harden one's Android. Some day when I have a couple hours I will have a go at it.