Have a read of this scenario from the labs at enterprise security specialist, Bromium:
You walk into a coffee shop and take a seat. While waiting for your coffee, you take out your smartphone and start playing a game you downloaded the other day. Later, you go to work and check your email in the elevator. Without you knowing, an attacker has just gained a foothold in your corporate network and is steadily infecting all your colleagues’ smartphones too.
Wait, what?
More via Remote code execution on Android devices | Bromium Labs.
If you’re at all interested in this area, I encourage you to have a read of the in-depth post linked above. It’s an article written by Tom Sutcliffe and Thomas Coudray who actually succeeded in executing some remote code on Android devices through the control of a ‘rogue’ WiFi hotspot.
After reading I did find myself hoping that the Cloak VPN chaps finally launch their Android service. I use public WiFi quite a lot and take a lot of confidence from the fact I’m protected on my iOS/Mac devices by Cloak.