Wall of text incoming.
The story begins when he is sitting in a Starbucks, annoyed that the coffee barista implied that he was too young to be drinking strongly caffeinated drinks.
A Starbucks specifically? It's been a while since I last used WiFi at a Starbucks, but last time I did, I think they used AT&T wifi hotspots.
AT&T WiFi hotspots do not use any form of WEP or WPA encryption, so your hacker's task would be relatively easy (see below).
I don't know if Starbucks would have separate secure WiFi for their employees and private network or not, though. This is likely, and certainly many places offering public WiFi do this, and the a great deal might depend on whether or not the device he's trying to hack is on an open WiFi connection or a secure one (see below).
He has 'borrowed' his sister's laptop and 'borrowed' a Raspberry PI (if this is the device that would do it) and is quietly 'checking out' the devices of other customers, hoping to pick up the barista's smartphone and maybe mess with her a little.
It would help a lot to know what that process would be. In general terms.
He wouldn't need the Raspberry PI. He would, however, need some software to put the laptop wireless NIC in promiscuous mode, so that he could pick up all the network traffic. He'd need some network monitor software to separate out all the different connections. What I don't know is whether network connections at a coffee shop are encrypted by default or not. Let's pretend not, or that it depends on the hardware, and he's only looking at the ones that aren't.
Yeah, no need for a Raspberry Pi. It's just a cheap, less-powerful computer that can't run regular desktop software. (That's not entirely accurate, but close enough for this level of conversation.)
I wouldn't say there's really any "default" for coffee shops. Totally depends on the specific shop, if it's an indie one. See above for Starbucks, which I think tends to use AT&T WiFi hotspots.
The important thing to know is that there are a few types of WiFi networks: open, WEP encryption, and WPA (and WPA2) encryption.
Open networks encrypt nothing, and don't require passwords. Some may still "require" passwords by having a splash page when you try to visit something in the browser and requiring a password/subscription/paywall/whatever. This is the case for AT&T WiFi hotspots, and the vast majority of hotel free WiFi. However, once you pass this page, nothing else is encrypted by the network itself.
On an open WiFi network, you can see any and all computers on the network very easily. Lots of computers have public sharing folders, Bluetooth, iTunes sharing, whatever, turned on by default. For example, go sit in a Starbucks and open iTunes and you'll probably see several people's iTunes libraries show up in the sidebar.
WEP is weak encryption using a semi-long PIN number. Lots of crappy home WiFi routers use it. (They're the ones with the passcode written on the bottom.)
WPA and WPA2 are preferred, and will encrypt all network traffic. They require passwords to join immediately (i.e., your operating system itself will prompt you for the password; you're not entering the password on a webpage like password-walled open WiFi).
It's highly recommended to public facilities offering free WiFi to use WPA even if they're just post the password in public for everyone to know, because it adds layers of security (encrypted traffic) beyond just the password.
Obviously, to make this as easy as possible, you'd want the target device to be on an open WiFi network. Unfortunately for security but fortunately for writers like you, this is still incredibly common.
...an alternative if you want to make things little more fun would be to have the coffee shop's WiFi actually secured,
but then your hacker could create a fake one. Most modern devices can create ad-hoc WiFi networks. Just create an open WiFi network and call it sometimes like "attwifi" and wait for people to join it.
(Although if it's the barrister, this might not be as believable, since she'd already be on the real network, since she got there before your hacker.)
He picks a connection to a given device, tries to identify it, then sees if there's an exploit published for it on the net. If there is, he downloads the exploit -- these things are usually packaged up for people such that you don't really have to know what you're doing, just follow directions. Such people are called "script kiddies".
Firesheep would be an example of such software. Sit around on an open WiFi network, and voila, free usernames and passwords!
This kind of stuff is common and easy.
Anyway, your MC breaks into a device, looks around, maybe finds something interesting. He downloads it to his laptop, uses an emulator and debugger (throw the word "Eclipse" out there if you feel like it) to try to single-step it. the damthing is obfuscated way to hell and gone more throroughly than you'd expect for a simple freeware game, but he's persistant and wades through it until he's got the bare executable. At this point he discovers that it contains nuclear codes or whatever.
I admit I'm actually not that knowledgeable about hacking compared to certain people, but I don't think you'd be using a Java IDE for that kind of thing, so I'm not sure why you'd want to mention Eclipse.
Now, actually breaking into and controlling a device is a bit more complicated than sniffing network traffic, and it's a bit beyond my realm of knowledge. I would think he'd have some exploit scripts written in advance, and he'd be executing these from a shell, not from an IDE like Eclipse.
(A "shell" is a word for the command line environment like the MS-DOS prompt you may or may not be old enough to remember.)
What does he actually need to find? Because this is where it gets complicated.
Modern smartphones use a method called "sandboxing" that makes it difficult if you're trying to jump from app to app to get data that might be in one or another. Does he actually need data from an "app", or are you just using that as a buzzword? Does he just need to stumble across some kind of sensitive information? What kind?
It's unlikely sensitive information that could get him into such deep shit would be stored locally in an app, and I'm not sure what a barrister would be doing have such sensitive information in the first place.
The most likely scenario I can think of would be finding someone's username and password to an unimportant account, then he tries it on their secret NSA email and the person has re-used the same password there, and then he stumbles across a bunch of sensitive shit.
