Mogaka Polycarp
Sep 21, 2022

Security in Android applications

Developers often face the problem of implementing secure Android applications. Here is a list of ways to achieve this:

  1. Use RSA to encrypt the AES key that will be used to encrypt the request body, and send the encrypted key in the headers or the body. The server uses that key to decrypt the request for processing and to encrypt the response sent back to the application.
  2. Message signing is another option, used in addition to AES encryption and decryption of the payload. The server signs the response using the private key (obtained from the server), and the application verifies the signature using the public key.
  3. Diffie-Hellman key exchange: the application and the server perform a handshake, both compute the shared secret key, and AES can then be used with that key to encrypt and decrypt the payload.
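
The flow in item 1, as an added example that is not code from the original post. The post names only RSA and AES; the class name, the sample JSON payloads, the choice of AES-256-GCM and RSA-OAEP with SHA-256, and the IV-prefixed message layout are assumptions made for illustration.

```java
import javax.crypto.*;
import javax.crypto.spec.*;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.spec.MGF1ParameterSpec;
public class HybridEnvelopeDemo {
    // Explicit OAEP parameters: JVM and Android providers differ on the MGF1 default.
    static final OAEPParameterSpec OAEP = new OAEPParameterSpec(
            "SHA-256", "MGF1", MGF1ParameterSpec.SHA256, PSource.PSpecified.DEFAULT);
    // AES-GCM with a fresh random 12-byte IV, prepended to the ciphertext (assumed layout).
    static byte[] seal(SecretKey key, byte[] plain) throws GeneralSecurityException {
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, iv));
        byte[] ct = c.doFinal(plain);
        return ByteBuffer.allocate(iv.length + ct.length).put(iv).put(ct).array();
    }

    // Throws AEADBadTagException if the IV or ciphertext was modified in transit.
    static byte[] open(SecretKey key, byte[] msg) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(128, msg, 0, 12));
        return c.doFinal(msg, 12, msg.length - 12);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair server = kpg.generateKeyPair(); // constructed here; the app holds only the public half
        // Application: fresh AES key per request, wrapped with the server's RSA public key.
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey aesKey = kg.generateKey();
        Cipher wrap = Cipher.getInstance("RSA/ECB/OAEPPadding");
        wrap.init(Cipher.ENCRYPT_MODE, server.getPublic(), OAEP);
        byte[] wrappedKey = wrap.doFinal(aesKey.getEncoded()); // sent in a header or the body
        byte[] request = seal(aesKey, "{\"amount\":100}".getBytes(StandardCharsets.UTF_8));

        // Server: unwrap the AES key, decrypt the request, encrypt the response with the same key.
        Cipher unwrap = Cipher.getInstance("RSA/ECB/OAEPPadding");
        unwrap.init(Cipher.DECRYPT_MODE, server.getPrivate(), OAEP);
        SecretKey k = new SecretKeySpec(unwrap.doFinal(wrappedKey), "AES");
        System.out.println("server got: " + new String(open(k, request), StandardCharsets.UTF_8));
        byte[] response = seal(k, "{\"status\":\"ok\"}".getBytes(StandardCharsets.UTF_8));
        System.out.println("app got: " + new String(open(aesKey, response), StandardCharsets.UTF_8));
    }
}
```

On its own this gives confidentiality and tamper detection but does not tell the application that the response came from the server's key holder, which is the gap the signing option in item 2 covers.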

Written by Mogaka Polycarp

Software Engineer, creative thinker passionate about creating Applications and data solutions