Even as you read this someone’s phone credentials are being used to access their phone or tablet. It isn’t that mobile devices are inherently less safe, but they are used in a manner that leaves them far more vulnerable than laptops. A few reasons why include:
The trouble starts with attachments that a PC has some defense against, but a mobile device does not. That doesn’t need to be the case but the resource heavy security programs for mobiles are unpopular leaving the phones and tablets much more likely to be subjected to this threat.
Much as a router can be repurposed to attack a network, a phone can carry out such attacks unbeknownst to the user. If anything this makes the risk two fold as the person carrying the phone may be held liable for any resulting infection in some cases.
Unencrypted Wireless Networks
This is a privacy concern for users who may not realize that their online activity could be potentially monitored by the user across the room. This is also a common exploit tactic in hotels and coffeeshops.
Apps With Deep Permissions
Your standard flashlight app shouldn’t need to know your email, home address, phone contacts, banking numbers, or any other relevant information. That doesn’t stop 3 out of 4 users from downloading at least a few apps with questionable permissions.
While there are ways of increasing or decreasing the likelihood of a phone or tablet being attacked, there are as of yet no ways to completely eliminate the risks and retain the full user experience. Until there is it’s simply best to be wary and not jog around the city with hotspot turned on.