The 12th annual "WhiteHat Security Application Security Statistics Report" has found that 26 percent of mobile apps studied have a security vulnerability. Of those, 90 percent of Android apps have the same bug: setting the "allowBackup" flags to "true." The second most common bug for Android apps was a lack of source code obfuscation.
For iOS apps, the most common vulnerability was setting cookies without a "Secure" flag. Other common security mistakes included setting cookies without an "HTTPOnly" flag or failing to encrypt sensitive data in transit.