June 09, 2010
By Dan Cornell
In summary the author lists:
- Authentication and Authorization Are Crucial for Services Deployed to Support Smartphone Applications
- Do Not Authenticate Requests with Values that Look Random But Aren’t
- Never Trust Anything in an Attacker-Controlled Request (Especially User-Agent Headers)
- Don’t Trust Your Service Providers; Test Them
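As an added illustration of the first three points above (this is example code written for this page, not code from Dan Cornell's post or from any product it discusses), the following minimal request handler shows what they look like in practice: the service issues its own unguessable session tokens, identifies the caller from that token alone rather than from a User-Agent string, and checks authorization separately from authentication. The function names, the ACCOUNTS table and the session store are all constructed for this example.

```python
"""Added example (not from the original post): a minimal token-issuing
service illustrating "authenticate and authorize", "don't accept values
that only look random", and "don't trust attacker-controlled headers".

The names issue_token, authenticate, authorize, handle_get_account and
the ACCOUNTS table are hypothetical and exist only for this illustration.
"""
import hashlib
import hmac
import secrets
from typing import Dict, Optional, Tuple

# Constructed sample data: account id -> owner username.
ACCOUNTS: Dict[str, str] = {"acct-100": "alice", "acct-200": "bob"}

# Server-side session store: token -> username. Tokens are opaque to clients.
_SESSIONS: Dict[str, str] = {}


def predictable_token(username: str) -> str:
    """The anti-pattern: a value that LOOKS random but is derived from
    public data. Anyone who knows the username can reproduce it, so it
    proves nothing about who sent the request. Shown only as the thing
    NOT to accept; authenticate() below rejects it."""
    return hashlib.md5(username.encode()).hexdigest()


def issue_token(username: str) -> str:
    """Issue a session token from the OS CSPRNG (256 bits of entropy) and
    remember it server-side. A client cannot derive or guess it."""
    token = secrets.token_urlsafe(32)
    _SESSIONS[token] = username
    return token


def authenticate(headers: Dict[str, str]) -> Optional[str]:
    """Identify the caller from the Authorization header only.

    The User-Agent header is attacker-controlled and is deliberately never
    consulted: a request that claims to come from the official app is not
    trusted on that basis. The lookup compares against each stored token in
    constant time so that timing does not reveal how many leading bytes of
    a guess were correct (a linear scan is fine for this illustration)."""
    auth = headers.get("Authorization", "")
    if not auth.startswith("Bearer "):
        return None
    presented = auth[len("Bearer "):]
    for token, user in _SESSIONS.items():
        if hmac.compare_digest(token, presented):
            return user
    return None


def authorize(username: str, account_id: str) -> bool:
    """Authorization is a separate check from authentication: a valid
    session only grants access to accounts the caller actually owns."""
    return ACCOUNTS.get(account_id) == username


def handle_get_account(headers: Dict[str, str], account_id: str) -> Tuple[int, str]:
    """Request handler combining both checks; returns (HTTP status, body)."""
    user = authenticate(headers)
    if user is None:
        return 401, "authentication required"
    if not authorize(user, account_id):
        return 403, "forbidden"
    return 200, f"account {account_id} owned by {user}"


if __name__ == "__main__":
    tok = issue_token("alice")
    print(handle_get_account({"Authorization": "Bearer " + tok}, "acct-100"))
    print(handle_get_account({"Authorization": "Bearer " + tok}, "acct-200"))
    print(handle_get_account({"User-Agent": "OfficialBankApp/1.0"}, "acct-100"))
```

The fourth point in the list, testing your service providers, is not something a code snippet can show; it is a process matter of exercising the deployed endpoints the same way an outsider would rather than taking the vendor's description on faith.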
It is written with more of a focus on security, but the technical aspects are correct for this situation. However, going deeper from here, the whole issue of privacy is much greater than just the application of security. I sound like Schneier.