It's very possible that a malicious Wifi hotspot would use some exploit on the phone and compromise it. I believe intelligence agencies are doing that routinely not only on public WiFi but also on the very 4G hotspots of your operator, probably with the (forced and gagged) consent of your operator. But then, if you think this was an instance of that, you would need to be more specific about what is being done on the phone: just calling that a "tracking pixel" is conflating unrelated concepts and creating confusion, which makes your post appear as FUD.