But this attack could might as well be used against any laptops or Android devices.
How often have many of you not been to Starbucks and used their free WIFI. Their WIFI (in most countries) is open with no security and all you have to do is agree to some terms on the webpage. So in the US, basically I should simply set up af network called attwifi. I really dont need to do a landing page with Starbucks/AT&T terms, many would probably not even wonder if they came directly on the internet. And then devices would begin to connect to my network, I could sniff through the traffic.
It is an old school man in the middle attack and not much Apples problem. And yes HTTPS protects you, no wait, it only protects your payload. Metadata is still floating through.