In this talk we will discuss the main pitfalls when deploying security mechanisms in mobile applications, as informed from experience in the field. The main issues include session management, authentication workflows and secure API design. The results are based on a 3-year effort at Aarhus University to perform preliminary security analysis of around 50 applications as part of the final project in the Network/Systems Security courses.