The «OWASP Mobile Top 10» (version 2016) includes a list of the most critical vulnerabilities in mobile applications: Improper Platform Usage, Insecure Data Storage, Insecure Communication, Insecure Authentication, Insufficient Cryptography, Insecure Authorization, Poor Code Quality, Code Tampering, Reverse Engineering, Extraneous Functionality.