[teekert]

Would you do it with a VPN? (I would, just checking)

[frogsRnice]

A vpn (that you trust) would certainly help a little, but in the above case the connection can still be mitmed from the vpn server to the application backend

Edit: I would for my personal devices, unless I knew the app did something horrendous in advance- but I guess the core problem is you really have no way of knowing unless you check the app yourself or there is a known and reported vulnerability.

[bugtodiffer]

I wouldn't, especially not having looked at the VPN at first. It might expose you to even more attackers than could fit in your Starbucks

[teekert]

VPNs have a bad reputation, but I trust Mullvad (have used and paid them often), and Proton (currently paying them).

[bugtodiffer]

I trust Mullvad more than others, because IIRC they were one of the few that actually had RAM only infrastructure when they were audited