One of our recommendations when it comes to making your mobile app or website more secure is to start a bug bounty. Crowdsourcing works very well when you’re trying to find security exploits in your application. The more friendly eyes you have on your app the more likely you’ll get to find out the major exploits before a hacker does.
API testing always strikes me as being the red headed stepchild in mobile development. Most of the apps we develop have a backend web service that someone else owns and the API’s specification is a moving target. Over the years APIs have been one of the major areas of frustration and costly rework.