Cyber security labs at Ben Gurion University have uncovered a network vulnerability on Android devices which has serious implications for users of VPNs (http://cyber.bgu.ac.il/blog/vpn-related-vulnerability-discovered-android-device-disclosure-report). This vulnerability enables malicious apps to bypass active VPN configuration (no root permissions required) and redirect secure data communications to a different network address. These communications are captured in clear text (no encryption), leaving the information completely exposed. This redirection can take place while leaving the user completely oblivious, believing the data is encrypted and secure.

http://it.slashdot.org/story/14/01/18/1449215/vpn-encryption-vulnerability-on-android