Then you have open WiFi and if the connection is not encrypted, sure.

I only scratched the surface of exploits. Then we have carriers/malware that install RATs. ( http://en.wikipedia.org/wiki/Remote_administration_software )

If you installed ANY app other than stock, then it can be a trojan or RAT.

So yup.
Bob