David Rook (@securityninja) and I gave a training class at 2011 Security BSides Las Vegas on mobile application security code reviews. We used his Agnitio code review tool to analyze a flawed application and identify potential issues.
The slides are online here:
The code for the intentionally-flawed sample Pandemobium Stock Trader application can be found online here. The code online includes both Android and iOS versions of a vulnerable application as well as the backing web services that support the apps.
dan _at_ denimgroup.com