With Android Application part 12, we summarized the Android Security Checklist. Insecure use of cryptography is common in most mobile apps that leverage encryption. There are two fundamental ways that broken cryptography is manifested within mobile apps. Always assume that an adversary will be able to bypass any built-in code encryption offered by the underlying mobile OS. The best algorithms dont matter if you mishandle your keys. Insecure or missing authorization schemes allow an adversary to execute functionality they should not be entitled to using an authenticated but lower-privileged user of the mobile app.”]
Source: https://gbhackers.com/android-security-checklist-penetration/