I gave up on burner phones because they were typically old and terribly vulnerable with no possible way to update - think older Android phones. Although, I did win the WiFi Village Fox & Hound hunt a few years back using a Samsung S4, but I had that thing locked down to using only a WiFi strength meter app and of course it was running CyanogenMod back when that was still a thing.
These days I update, backup, and lock down my daily use iPhone before going. See my post earlier in the comments for more details on that. In terms of what was happening in the last two years at DEF CON that could get you with all the steps I took, OpenLTE networks were tricking phones into attaching to them and the most disturbing thing I saw of that was middling of TLS. However, it was of course with a self-signed certificate so as long as you didn't accept the cert, you were likely fine.
If you had an older phone and one without all the latest updates and wasn't configured to be mostly silent, then your experience could be very different. There are a surprisingly high number of SMS exploits which still work to this day on a large number of phones and of course SS7 has architectural weaknesses which will likely never be fixed.
Someone had put a map together of the OpenLTE / catchers they found but I can't find it. In my particular case, I had WiFi off the entire time and received certificate validation failure notices four times at different locations while at DEFCON. Given I was only connecting with LTE, there could only be one explanation for those certificate warnings. I was being redirected to an OpenLTE or other cellular base station and someone was running a MitM proxy or solution like SSLSplit on the connection.
Unfortunately when it comes to calling it "incredibly uncommon", we really don't have any widely deployed solutions to identify rogue cellular base stations so it's very difficult to say how often it happens IRL although the only times I've ever seen it happen have been the last two years at DEF CON.
These days I update, backup, and lock down my daily use iPhone before going. See my post earlier in the comments for more details on that. In terms of what was happening in the last two years at DEF CON that could get you with all the steps I took, OpenLTE networks were tricking phones into attaching to them and the most disturbing thing I saw of that was middling of TLS. However, it was of course with a self-signed certificate so as long as you didn't accept the cert, you were likely fine.
If you had an older phone and one without all the latest updates and wasn't configured to be mostly silent, then your experience could be very different. There are a surprisingly high number of SMS exploits which still work to this day on a large number of phones and of course SS7 has architectural weaknesses which will likely never be fixed.