Developing Android apps is fun. But crashing apps can ruin your reputation. Android demands extensive testing. Here are the top vulnerabilities I always keep in mind to avoid:

1. Information Gathering: Make sure all the data is scrutinised and to the point.
2. Configuration and Deployment analysis
3. Security for Authentication
4. Assessment for confidential information leaks. Make sure it's safe for users to enter their information.
5. Unauthorised intent login has to be solved with proper procedure.


Besides the fundamental analyses above, I also undertake technical testing that includes:

1. Back testing the mobile application code.
2. Filtering bugs in Common Libraries.
3. 'Application Known Controllers' enumeration.
4. Clean hidden codes in the primary code.
5. Content Providers Access Permissions.
6. Cross application authorization.
7. Clipboard Separation.
8. Authorization decision on the client side.

There are less important things like Shared User Resources and privileged data security.

I guess I covered most of the topic here, and I really hope it helps.