At the server level, the entire web server and all web service communications are in scope. The following figure gives a high-level mind map of the important areas that have to be tightened before providing backend services to any given mobile app. It also maps them to the applicable items of the OWASP Top 10 (https://www.owasp.org/index.php/Top_10_2013-Top_10). The following recommendations alone will not make the server completely secure; developers also have to refer to the OWASP Application Security Verification Standard for web apps.
The majority of apps in the app store have not implemented any form of encryption to protect the authentication parameters. It is a best practice to handle any confidential user input, such as login, password reset, and password recovery, only through encrypted channels.
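One way to enforce this rule on the server side, shown as an added example that is not from the original text: a WSGI middleware that refuses the login, password reset, and password recovery endpoints over plain HTTP. The endpoint paths, the `RequireTLS` class, the `demo_app` backend, and the `probe` helper are assumptions made for illustration.

```python
# Assumed endpoint paths for the flows named above (hypothetical; adjust to your API).
SENSITIVE_PREFIXES = ("/login", "/password/reset", "/password/recover")
HSTS = ("Strict-Transport-Security", "max-age=31536000; includeSubDomains")

class RequireTLS:
    """WSGI middleware that refuses sensitive endpoints over plain HTTP."""
    def __init__(self, app, trust_proxy=False):
        self.app = app
        # Set True only behind a TLS-terminating proxy that overwrites X-Forwarded-Proto.
        self.trust_proxy = trust_proxy

    def _encrypted(self, environ):
        if environ.get("wsgi.url_scheme") == "https":
            return True
        forwarded = environ.get("HTTP_X_FORWARDED_PROTO", "").lower()
        return self.trust_proxy and forwarded == "https"

    def __call__(self, environ, start_response):
        path = environ.get("PATH_INFO", "")
        sensitive = any(path == p or path.startswith(p + "/") for p in SENSITIVE_PREFIXES)
        encrypted = self._encrypted(environ)
        if sensitive and not encrypted:
            # Reject rather than redirect: the credentials have already crossed the
            # network in cleartext, and a silent redirect would hide the client bug.
            start_response("403 Forbidden", [("Content-Type", "text/plain")])
            return [b"TLS required\n"]

        def with_hsts(status, headers, exc_info=None):
            extra = [HSTS] if encrypted else []  # HSTS only makes sense over TLS
            return start_response(status, list(headers) + extra, exc_info)

        return self.app(environ, with_hsts)

def demo_app(environ, start_response):
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"ok\n"]

def probe(path, scheme, trust_proxy=False, forwarded=None):
    """Send one constructed request through the middleware; return (status, headers)."""
    environ = {"REQUEST_METHOD": "POST", "PATH_INFO": path, "wsgi.url_scheme": scheme}
    if forwarded:
        environ["HTTP_X_FORWARDED_PROTO"] = forwarded
    seen = {}
    def start_response(status, headers, exc_info=None):
        seen["status"], seen["headers"] = status, dict(headers)
    RequireTLS(demo_app, trust_proxy)(environ, start_response)
    return seen["status"], seen["headers"]
```

With `trust_proxy` left at its default, a client-supplied `X-Forwarded-Proto: https` header does not bypass the check.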
All the validations are performed, including the user identification with the right password complexity.
Do not provide any specific...