None of those vulnerabilities should be an issue.
All filenames in the zip file are normalized and resolved to absolute paths, absolute within the zip, so they shouldn't be able to be extracted beyond, e.g. to a parent of, the destination directory.
Symlinks aren't supported at all, so they should be extracted as empty files.
Anyhow, those vulnerabilities are less of an issue on Android since regular apps don't have write access to any sensitive system directories anyway, i.e internal storage.
Any "test vector" zip you find, please send them to me so i can include them in my unit tests.