Is it true that using public Wi-Fi increases risk of being cyber attacked?

In a little more detail…

Insofar as public WiFi hotspots are concerned, where your internet traffic can be both monitored and potentially manipulated by bad/malicious actors, use of a properly configured reputable VPN service is recommended by knowledgable Infosec Professionals.

Public networks have a considerably higher risk profile than private networks - the latter, by design, being considerably more secure. Unknown to many, while some of your internet traffic is end-to-encrypted, some protocols (e.g., DNS) is natively transmitted “in-clear”. Unencrypted protocols can leak considerable information about your device and your activities; not only can this traffic be intercepted and analysed by anyone that shares the same network, this traffic can be manipulated and altered. 

In addition to bad actors who offer greatest threat, the WiFi network operator is also in a privileged position to monitor all unencrypted network traffic that traverses their network.

Employing a correctly configured VPN ensures that all your traffic, that is transmitted on the “untrusted” public network, cannot be monitored or manipulated. While a VPN is not a panacea - and will not provide end-to-end encryption services - it will provide additional security over the least-trusted (public) network connection.

Some will advocate that VPNs offer little or no protection - as the VPN Gateway operator has access to data that terminates at the VPN Gateway prior to delivery to the internet. However, the VPN Gateway operator can only see your unencrypted protocol traffic - and can see no more than your ISP.

Apple has introduced additional protection for its most recent versions of iOS/iPadOS - at least for those that subscribe to iCloud+ - by way of its Private Relay service. This service uses ODoH (a variation of DoH - DNS over https) that can provide additional security for DNS traffic. As already mentioned, this facility is only available - when enabled - to iCloud+ subscribers. This said, many public WiFi network and WiFi hotspot networks block DoH and DoT traffic - and may require this protection to be disabled prior to allowing access to the network.

Insofar as anyone that is also accessing the same public WiFi network can see - and potentially manipulate - your network traffic, yes, public WiFi networks will expose your iPhone (or any other device) to a greater risk of a vulnerability being exploited by a bad actor.

I respectfully disagree. All communications between your phone and an end point is end-to-end encrypted. Using Transport Level Security (aka SSL) is required by Apple for apps, is enabled by default for email and iMessage, and the Safari browser also uses SSL, and will warn you if the site you are accessing does not. So someone on the public Wi-Fi network won’t be able to see any content to or from your phone, and if you turn on Private Wi-Fi Address in Wi-Fi settings they won’t even be able to identify your iPhone or you.

Further, all messaging apps (Signal, Skype, WhatsApp, Facebook Messenger, Telegram, Google Meet) also use end-to-end encryption.

You can also enable iCloud+ Private Relay, which will prevent any websites you visit from identifying you or your location unless you log in to the site.

Yes.