In reply to a post by bobble_bob:

I never do, but certain apps on your phone are autosign in, so assume that sensitive data is being passed as soon as you open it?

It really depends on the apps.

Applications such as facebook will login over https using a secure TLS V1.2 connection. Here even on a public WiFi, it is not like your credentials can just be picked up by somebody else...

If the app is coded poorly it will transmit credentials over HTTP which is a cleartext format, here somebody on the same WiFi network is able to intercept the credentials (usernames and passwords) entered by you and all other traffic transmitted. Generally speaking on iPhone the majority of apps do not insecurely transmit credentials.

Features built into the iPhone such as the Mail app and iMessages app are fairly secure in their transmission of data.

AV won't protect you against MiTM attacks, neither will HTTPS, generally, 'public' WiFi is a known risk, the bigger risk is spoofed access points, where your phone will 'trust' an already known AP name.
BTW, unless you're sending and receiving signed and encrypted mail end - to - end, no mail application is secure, neither are the contents.
Edited to add :- If you must use mobile banking applications, only ever use them with WiFi turned off to force a connection over 3G /4G, whilst not fully secure, it is at least of a consistent security level, unlike WiFi.

Edited by deleted (Fri 16-Dec-16 07:47:52)