Any decent browser will display a certificate error for a Mitm attack. But yes, if you are using other programs/apps over an untrusted network, you can never be sure.

It's not actually about the WiFi, secure or not. I was in a WPA2 WiFi. I attacked my phone (at a higher network level), so unless there's an active IDS in place, you can't do much about it.

The issue is not the network, but the way the app continued over an insecure connection.