VPN can be a problem, especially on these older devices as those services themselves are vulnerable due to underlying OS issues. In terms of WiFi, keep in mind LTE is effectively broken because of the emergency tower redirection implementation. It's possible for attackers to direct devices to their own OpenLTE tower.
> keep in mind LTE is effectively broken because of the emergency tower
> redirection implementation
And it will fail after only a few messages, when the phone modem tries to authenticate the network (MME) and fails. LTE and 3G do have mandatory mutual authentication where the device authenticates the network very early on. It's 2G that's the problem: a 2G network does authenticate the device, but not the other way round, which opens the door to the well-known MITM attacks on 2G (stingrays). The worst an LTE/3G rogue cell can do is try to attack the modem during the early non-authenticated messages (send corrupted messages), and waste UE time or jam it. But it can't do MITM.
So if you're paranoid and you can afford it due to good 3G/4G coverage, disable 2G on your handset ;)
https://sourceforge.net/projects/openlte/files/
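Added example, not part of the thread: a simplified Python model of the 3G/LTE mutual authentication described in the reply above, next to the one-way 2G challenge. HMAC-SHA256 stands in for the real MILENAGE and A3 functions, the AMF field is omitted, and the sequence-number check is reduced to "strictly increasing"; all names, keys and values are constructed for illustration.

```python
import hashlib
import hmac

def _f(tag, k, data, n):
    # Stand-in for MILENAGE f1/f2/f5 and 2G A3: HMAC-SHA256 with a tag.
    # Assumption for illustration only, not the 3GPP algorithms.
    return hmac.new(k, tag + data, hashlib.sha256).digest()[:n]

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def network_challenge(k, sqn, rand):
    """Network side: AUTN = (SQN xor AK) || MAC (AMF field omitted)."""
    sqn_b = sqn.to_bytes(6, "big")
    mac = _f(b"f1", k, sqn_b + rand, 8)
    return rand, _xor(sqn_b, _f(b"f5", k, rand, 6)) + mac

class UE:
    def __init__(self, k):
        self.k = k
        self.last_sqn = 0

    def answer_3g_lte(self, rand, autn):
        """Return RES only after the network has proved it knows K."""
        if len(autn) != 14:
            return None                      # malformed challenge
        sqn_b = _xor(autn[:6], _f(b"f5", self.k, rand, 6))
        xmac = _f(b"f1", self.k, sqn_b + rand, 8)
        if not hmac.compare_digest(xmac, autn[6:]):
            return None                      # network failed authentication
        sqn = int.from_bytes(sqn_b, "big")
        if sqn <= self.last_sqn:
            return None                      # stale challenge (simplified SQN check)
        self.last_sqn = sqn
        return _f(b"f2", self.k, rand, 8)

    def answer_2g(self, rand):
        """2G: the challenge carries no network proof, so any RAND is answered."""
        return _f(b"a3", self.k, rand, 4)

def demo():
    k, other_k = bytes(range(16)), bytes(16)   # constructed keys
    rand = b"\x11" * 16                        # constructed challenge
    ue = UE(k)
    genuine = ue.answer_3g_lte(*network_challenge(k, 1, rand))
    replayed = ue.answer_3g_lte(*network_challenge(k, 1, rand))
    no_key = ue.answer_3g_lte(*network_challenge(other_k, 2, rand))
    two_g = ue.answer_2g(rand)
    return genuine is not None, replayed is None, no_key is None, two_g is not None
```

`demo()` returns four flags: the genuine challenge is answered, the replayed one and the one built without the subscriber key are refused, and the 2G challenge is answered with no check on who sent it.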