Android apps

Quote from a security researche regarding Joe Public’s inability to spot holes in Android apps:

“About half of the participants could not judge the security state of a browser session correctly.”

well duh. Why should they have to? People have better things to do than self-train as it security experts. If IT was secure by default, then everything would be much simpler.