It is reasonable and prudent to use "public VPN" services, knowing of course that
they will be able to intercept the communication (because they are
brokering it ...). They enable "the communications that are bouncing through the air at the coffee shop" to be provably secure. Furthermore, they are usually set up so that
everything is sent through the tunnel to the VPN service, so that
nothing escapes into the coffee shop.
That being said, TLS
(https://) communications are also cryptographically secure. Although people might know that you are communicating with this-or-that web site, they will not be able to intercept the content of the communication. The traffic will be encrypted before being tendered to the wireless network.
Considerations of what is and is not appropriate "WiFi security practices" are, in fact,
generic to operating systems. They apply equally to Windows, OS/X, Linux, and your phone of whatever type.
Don't try to use this stuff to do anything illegal. Just exercise ordinary cryptographic caution to safeguard what is "nobody's business but yours."