A friend of mine recently said that using public Wifi is risky even with a full-tunnel VPN, because the router would still be able to interact with my device, regardless of a VPN, and could potentially exploit any weaknesses of the OS.
How much truth is in this statement?
To my limited knowledge when I join a network I am assigned an IP and told which DNS to use and then I happily disappear into my VPN tunnel?