From personal experience, I will say, make sure that there is no person with a laptop and an incomprehensible device in the usb connector (whistle) or even your own router nearby (it is funny for someone, but I was extremely surprised that when I was sitting in one popular cafe with a router on the table, no one paid attention to me).
What else? HTTPS is your friend. When the "use HTTPS" button is turned on, the VK application really starts using it, but this is not for everything.
In a number of Moscow access points, which from MGTS, closed on my tip, they closed the ARP spoof vulnerability, otherwise to save a lot from the dummy dot incident, but make the network a little safer.
Security when using open Wi-Fi is almost platform independent. General tips all apply to Android: