Skip to main content

Reading is great. Tracking makes it stick. Sign up for a free Dashboard to tick off tasks and see your Security Score.

Get my free Dashboard →
CE: Firewalls

Public Wi-Fi safety on Android

Public Wi-Fi in cafes, hotels, airports, and shopping centres is convenient but can be risky. This guide explains the specific risks of public Wi-Fi, what attackers can do, and the straightforward steps you can take to stay safe on any public network.

People working on laptops inside a modern cafe

Why public Wi-Fi is a risk

Public Wi-Fi networks are often unencrypted, meaning data sent over them can be intercepted by others on the same network. The risk is not from the network itself, but from other people connected to it. Your banking app's connection is encrypted, but not every app or service is, and you may not always know which is which.

  • Any device on the same Wi-Fi network can potentially see unencrypted traffic
  • Attackers sometimes set up "rogue hotspots" that mimic legitimate networks, e.g. "Café WiFi" in a coffee shop
  • Logging into accounts over public Wi-Fi on apps that do not use HTTPS can expose your credentials

What attackers can actually do

Understanding the realistic threats helps you respond proportionately:

  • Eavesdropping: intercepting unencrypted traffic to capture data in transit
  • Man-in-the-middle: redirecting your traffic through an attacker's device to read or modify it
  • Rogue hotspot: setting up a fake Wi-Fi network to capture your logins
  • Malware injection: on some poorly configured networks, attackers can inject malicious code into unencrypted web pages
  • Modern banking apps and HTTPS websites encrypt their own traffic, but older or poorly-made apps may not

How to stay safe on public Wi-Fi

These steps substantially reduce your risk on any public network:

  • Use a VPN: this encrypts all your traffic, making it unreadable to anyone on the same network (see Using a VPN on Android)
  • Avoid banking or accessing sensitive accounts on public Wi-Fi unless you are using a VPN
  • Use HTTPS sites and apps: look for the padlock in Chrome
  • Turn off Wi-Fi auto-connect: Settings > Network > Wi-Fi > turn off "Connect to open networks"
  • Forget public networks after use: tap the network in Wi-Fi settings and select Forget
  • Use mobile data instead for sensitive transactions if you do not have a VPN

Signs of a rogue hotspot

Before joining a public network, check for these warning signs:

  • Two networks with very similar names, one may be a rogue hotspot (e.g. "The Cafe" and "TheCafe")
  • A network that requires you to install an app or certificate to connect
  • No password required for a network in a location that usually has one
  • Ask staff for the official Wi-Fi name and password before connecting

Track your Android security progress. Free.

Create a free account to tick off tasks, see your Security Score improve, and know exactly what you've done and what's still to do.

Start your free security check
← Back to Android Security Hub