mobile platforms have less known vulnerabilities than pcs, but out of all the mobile platforms, android harbors the largest number of exploits and more are found as time goes on.
in the u.s., law enforcement goes through a lot of effort to use mobile activity as a resource. they don't have access to all your data, but it's become progressively easier for them to know your habits without needing a warrant. in fact, if you personally use any tunneling protocols to encrypt your traffic, they don't need a warrant to confiscate your device as of earlier this year. however, i would still use ssl when i'm using a public access point because you never know who's in a public network, or who's managing it.
i turn my wi-fi off until i'm at home, because when it's on, your phone pings wireless access points, creating a trail.
being spied upon comes with the territory, at this point.
however, to prevent being hacked, i would install the mcafee antivirus app (or, really, any one that you prefer) to prevent/detect known threats. i wouldn't download any apps from places other than the google play store. i would avoid using your phone to visit sites that have a higher risk factor. additionally, i would ignore false-positive claims from rando sites that 'you've been hacked, now give me your number so we can fix it'. you also want to avoid phishing scams by verifying that you're using your login credentials on the correct sites / apps. moreover, generally follow the same rules you would on your personal computer, with the caveat of wireless risks.
here are some links that may be of interest:
WiGLE: Wireless Network Mapping
Which Mobile OS is Most Secure; iOS, Android, or Windows? [SLIDESHARE] – NextLOGiK
Mobile Security News, Analysis, Discussion, & Community - Dark Reading