I find the skepticism here a little surprising. These are unencrypted, trivially spoofable protocols that haven't been exposed to attack before--of course there are going to be buffer overflow bugs and unexpected, exploitable connections between vulnerable components and critical systems (if they're not already the same machine).
(I believe if you spoof ADS-B it means you can generate TCAS warnings, which pilots are trained to prioritize over ATC commands due to earlier incidents where TCAS was correct and ATC was wrong: http://en.wikipedia.org/wiki/%C3%9Cberlingen_mid-air_collisi... )
They issue isn't can they be spoofed? It is can you crash a plane remotely? Or even can you force a plane to go somewhere? The answer to both is basically no. You can confuse the heck out of the pilot, and possibly make them do some maneuvering until they ignore the system (and send the police after you).
Realistically the idea of putting encryption on ADS is one of the stupider ideas ever. I mean can you imagine a crash caused because someone didn't update their CA list, and thus it rejected a the signature of another plane?
Anyways, you could just jam the whole ADS-B system for your region. The system is protected by aggressive action against rogue transmitters.
Also the "with an android phone" part is disingenuous, as you'll need a fair amount of equipment.
Video of spoofing ADS-B: http://www.youtube.com/watch?feature=player_embedded&v=N...
(I believe if you spoof ADS-B it means you can generate TCAS warnings, which pilots are trained to prioritize over ATC commands due to earlier incidents where TCAS was correct and ATC was wrong: http://en.wikipedia.org/wiki/%C3%9Cberlingen_mid-air_collisi... )