Android could become a vulnerability here
There are plenty of known Android attacks, some remotely via SMS/MMS. Obviously many devices will remain unpatched against these vulnerabilities for their lifetime, so I wonder when we will see the first hybrid malware:
stage 1: infect Android device using an Android vulnerability, and lie in wait
stage 2: when connected to a new wifi network, look for PCs to attack using Windows vulnerability
The Android malware could even 'update' itself by checking in at a master host (make to look like yet another advertising site, with traffic that could be triggered only when browsing so the no one is the wiser) which would allow it to upgrade the Windows vulnerabilities it is using over time as old ones get closed off and new ones are discovered.
I think one of the main reasons we haven't seen widespread Android infestations is because hackers are so mercenary these days. The time when they considered it good enough to print some message about being 'p0wned' are long gone, now they're at it to make money, and ransomware on PCs is where its at.
Being able to infect devices that far too many workplaces allow people to bring in and connect to their internal network (so they can get access to email, internal web sites, etc.) is an easy way to bypass the expensive firewalls and IDS systems companies put on their network perimeter.
Obviously the same could be done with iOS, but Apple gets fixes out too quickly and people apply them too quickly, making Android a far better carrier for such a hybrid malware strategy.