I'm just wondering if it is possible for someone to MitM me in the following scenario and intercept plaintext traffic:
Dovecot IMAPS server with a real Thawte "quick" cert | IMAPS (SSL) | public Wi-Fi | Android phone using IMAPS with the "SSL" option, not "SSL (any cert)"
For instance, can a malicious hotspot use some sort of interception technique / spoofing and some sort of wildcard cert to trick my phone into negotiating SSL with it, which then does its own SSL to my dovecot server, thus MitM'ing me without me even knowing? I know in a web browser I'd normally be protected against that by looking at the URL in the address bar, or the green EV-cert graphics (or am I wrong in even that assumption)?
How paranoid do I have to be? And is there any way to beat any shortcoming on Android, perhaps with a client cert or a way to tie the account to a single manually-specified server SSL cert?