What are the typical reasons why I would not pass the security review?

In no particular order, these are the top reasons an app is not approved. For more details, see the OWASP Top 10.
  • Injection (SQL, XML, etc.)
  • Cross-Site Scripting (XSS)
  • Broken Authentication and Session Management
  • Insecure Direct Object References
  • Cross-Site Request Forgery (CSRF/XSRF)
  • Security Misconfiguration
  • Insecure Cryptographic Storage
  • Failure to Restrict URL Access
  • Insufficient Transport Layer Protection
  • Unvalidated Redirects and Forwards