An Android/iPhone app will be accessing application data from the server. [Django-Python]
How can I secure the communication with the mobile app?
Expec
Use client authentication with SSL or just layer your own client authentication (username/password, token, etc.) on top of server-authentication SSL.
(Edit: Moving the comment here, since it won't fit as a comment)
To elaborate a bit, any authentication info needs to be stored or entered in the app. If you have people enter the password each time, you don't need to save it, but that's clearly inconvenient. You can encrypt it with a device-specific key, so it's not visible on rooted devices. With a private key, you need to either protect it with a user-entered password (see above) or have it protected by the system. That is only available since Android 4.0 (ICS) with the public API to the system keystore, the KeyChain class. In this case, the user needs to unlock (using pattern/password or PIN) the phone to access the keystore.
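
The two options named in the answer above, sketched for the server side with the Python standard library only. This is an added example, not code from the original answer or from Django; the function names, the token format, `SERVER_SECRET` and `TOKEN_TTL` are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import secrets
import ssl
import time

# Constructed sample secret; a real server loads this from protected configuration.
SERVER_SECRET = secrets.token_bytes(32)
TOKEN_TTL = 3600  # assumed token lifetime in seconds


def mutual_tls_context(ca_file=None):
    """Option 1: server-side TLS context that rejects clients without a certificate."""
    ctx = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
    ctx.verify_mode = ssl.CERT_REQUIRED  # handshake fails if no valid client cert
    if ca_file:
        ctx.load_verify_locations(cafile=ca_file)  # CA that signed the app's client certs
    return ctx  # the server's own cert/key still has to be added with load_cert_chain()


def issue_token(user_id, now=None):
    """Option 2: signed, expiring token handed out after a password login over TLS."""
    expires = int((time.time() if now is None else now) + TOKEN_TTL)
    payload = f"{user_id}:{expires}".encode()
    sig = hmac.new(SERVER_SECRET, payload, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(payload).decode() + "." + base64.urlsafe_b64encode(sig).decode()


def verify_token(token, now=None):
    """Return the user id for a valid, unexpired token, otherwise None."""
    try:
        p64, s64 = token.split(".")
        payload = base64.urlsafe_b64decode(p64)
        sig = base64.urlsafe_b64decode(s64)
        user_id, expires = payload.decode().rsplit(":", 1)
        expires = int(expires)
    except (ValueError, UnicodeDecodeError):
        return None  # malformed token
    expected = hmac.new(SERVER_SECRET, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):  # constant-time comparison
        return None
    if (time.time() if now is None else now) > expires:
        return None
    return user_id
```

With the token approach the app stores only the token rather than the password, so a stolen device exposes a credential that expires and can be revoked server-side.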