Re: There are ways of mitigating some of this - for example, a low cost Android device
No, we actually supply these devices (not the 2007 devices you describe). We have both Android smartphones as well as mini-routers.
These are primarily designed for public sector and more security-conscious private sector (regulated etc.). They enable public Wi-Fi connections to be remediated (i.e. the splash screen/captive portal) on a low-cost, separate device which then shares its connection to one or more (up to 10) corporate laptops/tablets/smartphones etc.
Since the corporate device can apply a much stronger security policy (i.e. closed firewall, VPN etc.), it means that there is less risk since they simply VPN through the device once the public Wi-Fi is unlocked.
As the devices NAT connections and have an in-built firewall, they provide additional protection to connected end-points.