A developer should follow and QA should make sure following check points are covered.
-OS level security using Linux kerne
-Different level of permission defined by Application
-Different level of permissions granted by user
-Sharing the contents by App
-import/export data and storing on SD card.
-Safe file creation
Please add the missing points.