The exploit is just about the worst case scenario. Users don’t even have to connect to a malicious AP and turning off WiFi may not stop an attack. iOS has been patched but it is likely still weeks, if not months or in some cases ever, that Android will receive a patch. I can confirm that Broadcom makes some terrible chips after being stuck running Linux on a Mac for work recently. A coworker still routinely has disconnects and other issues with the same configuration.
Broadcom chips allow rogue Wi-Fi signals to execute code of attacker’s choosing.