Charlie Fairchild, senior Android developer at WillowTree Apps, writes in a column for InformationWeek that developers should be aware of five security dangers when creating apps:

1. Insecure data storage: Design apps in such a way that critical information such as passwords and credit card numbers do not reside directly on a device. If they do, they must be stored securely. For iOS, passwords should be stored within an encrypted data section in the iOS keychain. For Android, they should reside within encrypted storage in the internal app data directory, and the app should be marked to disallow backup.

2. Weak server-side controls: Servers that an app is accessing (whether they're your own or the servers of any third-party system your app may be accessing) should have security measures in place to prevent unauthorized users from accessing data. It's critical that back-end services be hardened against malicious attackers.

3. Unintended data leakage: Use caution when choosing analytics providers and implementing advertising. Watching what, how, when and where data moves can give an attacker a gold mine of information.

4. Broken cryptography: Always use modern algorithms that are accepted as strong by the security community, and whenever possible use state-of-the-art encryption APIs within mobile platforms: think AES with a 256-bit key for encryption and SHA-256 for hashing.

5. Security decisions via untrusted inputs: A mobile app can accept data from all kinds of sources. In the absence of sufficient encryption, attackers could modify inputs such as cookies and environment variables. When security decisions on authentication and authorization are made based on the values of these inputs, attackers can bypass your security.
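
To make item 5 concrete, the following added example (not from Fairchild's column) contrasts a server-side authorization check that trusts a cookie's contents with one that first verifies an HMAC-SHA-256 tag over them. The cookie layout, key and function names are hypothetical, and using an integrity tag rather than encryption is an assumption about how the value is protected.

```python
import hashlib
import hmac

# Constructed demo key; a real server would load this from a secret store.
SERVER_KEY = b"constructed-demo-key-not-for-production"


def _tag(payload: str) -> str:
    """HMAC-SHA-256 over the claims, hex encoded."""
    return hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).hexdigest()


def issue_cookie(user: str, role: str) -> str:
    """Server side: bind the claims to a tag only the server can compute."""
    for value in (user, role):
        # Refuse delimiter characters so one field cannot smuggle in another.
        if not value or any(ch in value for ch in "&=|"):
            raise ValueError("claim contains a reserved character")
    payload = f"user={user}&role={role}"
    return f"{payload}|{_tag(payload)}"


def _claims(payload: str) -> dict:
    """Split 'k=v&k=v' into a dict, ignoring malformed pieces."""
    return dict(p.split("=", 1) for p in payload.split("&") if "=" in p)


def is_admin_naive(cookie: str) -> bool:
    """Weak: the decision rests on whatever the client sent back."""
    return _claims(cookie.split("|", 1)[0]).get("role") == "admin"


def is_admin_verified(cookie: str) -> bool:
    """Hardened: reject any cookie whose tag does not match its claims."""
    payload, sep, tag = cookie.rpartition("|")
    if not sep:
        return False  # no tag at all
    # Constant-time comparison on bytes, so odd input cannot raise.
    if not hmac.compare_digest(_tag(payload).encode(), tag.encode()):
        return False
    return _claims(payload).get("role") == "admin"


# Constructed sample input: a genuine cookie and a copy edited client-side.
GENUINE = issue_cookie("alice", "user")
MODIFIED = GENUINE.replace("role=user", "role=admin")
```
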

For more on these five dangers, including information on how developers can implement protections against these dangers, read Charlie Fairchild's column in full at InformationWeek.
