Firewall on smartphones
If nothing is listening on a port, no connection can be made to it, firewall or not. The same applies for desktop computers and servers. In theory, you're still safe without a firewall if nothing is listening and the TCP stack in the OS isn't vulnerable.
We have the habit to use firewalls on desktops/servers because they are available and every layer of security helps, but mobile OS developers thought that was unnecessary and are confident in their TCP stack implementation (I suppose a firewall would induce additional CPU load which will decrease battery life).
There is actually a long debate on Serverfault about whether you should use firewalls on servers, you should check it out and make your own choice whether you want to install a firewall on your mobile device.
Also note that most mobile networks out there use carrier-grade NAT which means, at least on IPv4, that your device isn't directly reachable from the Internet and this provides some sort of basic protection (you're still exposes to attacks coming from that same mobile network). Of course this point no longer applies with IPv6.
Doesn't that mean that my phone is practically open for access by anyone?
You are vulnerable to Wi-Fi eavesdropping but also to malicious applications you may run on your smartphone. By default smartphones do not come with Firewall, but in case you run lot of applications of which you are not very sure how much safe they are (say your kid is playing all sorts of games on his Android), then a malicious application could leak private data from your smartphone. That is why there is, for instance, for Android a firewall called DroidWall which:
allows you to restrict which applications are permitted to access your data networks (2G/3G and/or Wi-Fi).
But this won't protect you from Wi-Fi eavesdropping in a shop, restaurant ...
Smartphone firewall's will rather restrict access of the applications that run on them to the Internet as @shroeder said.