This document discusses security considerations for mobile applications and their backend infrastructure. It recommends (1) securing the mobile app itself, (2) protecting backend servers by hardening, access control, logging and encryption, and (3) encrypting data in transit using HTTPS with certificate pinning. It also provides specific recommendations for Android like using client certificates and keystores securely. While complexity can impact security, obscuring parts of the implementation can help delay attackers without replacing core security.