Last Updated: February 25, 2016
· pooran

Recommended Architecture for Mobile Apps

Let's assume the app needs an external database, hosted either in the cloud or on premises.

Build two sets of REST APIs: one for authentication and another for the actual app logic that talks to your database. Host them on different server instances if possible. If an attacker tries to break the authentication server and launches a DDoS attack against it, your app logic server is not compromised. Also make sure every REST call to the app logic is validated by a token generated after authentication.
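
One way to implement the token check above, as an added example that is not the author's code: it assumes Ed25519-signed tokens of the form payload.signature, so the app logic server holds only the public key and cannot mint tokens itself. The function names, token layout and claim names are illustrative assumptions.

```javascript
// Added example: the auth server signs tokens, the app-logic server only verifies them.
const { generateKeyPairSync, sign, verify } = require('node:crypto');

// Constructed key pair for the demo. In a deployment the private key stays on the
// auth server; the app-logic server is given the public key only.
const { publicKey, privateKey } = generateKeyPairSync('ed25519');

const b64u = (data) => Buffer.from(data).toString('base64url');

// Auth server: call only after the user's credentials have been checked.
function issueToken(userId, ttlSeconds, signingKey, nowMs = Date.now()) {
  const claims = { sub: userId, exp: Math.floor(nowMs / 1000) + ttlSeconds };
  const payload = b64u(JSON.stringify(claims));
  return `${payload}.${b64u(sign(null, Buffer.from(payload), signingKey))}`;
}

// App-logic server: returns the claims for a valid token, otherwise null.
function verifyToken(token, verifyKey, nowMs = Date.now()) {
  const parts = typeof token === 'string' ? token.split('.') : [];
  if (parts.length !== 2) return null;
  try {
    // Check the signature before parsing anything the client controls.
    const sig = Buffer.from(parts[1], 'base64url');
    if (!verify(null, Buffer.from(parts[0]), verifyKey, sig)) return null;
    const claims = JSON.parse(Buffer.from(parts[0], 'base64url').toString('utf8'));
    if (!claims || typeof claims.exp !== 'number') return null;
    return claims.exp > Math.floor(nowMs / 1000) ? claims : null; // reject expired
  } catch {
    return null; // malformed input is treated as unauthenticated
  }
}

// Hypothetical gate run before every app-logic REST handler.
function authorize(headers, verifyKey, nowMs = Date.now()) {
  const match = /^Bearer (.+)$/.exec(headers.authorization || '');
  const claims = match ? verifyToken(match[1], verifyKey, nowMs) : null;
  return claims ? { status: 200, user: claims.sub } : { status: 401 };
}

// Demo run with constructed values.
const demoToken = issueToken('alice', 300, privateKey);
console.log(authorize({ authorization: `Bearer ${demoToken}` }, publicKey));
console.log(authorize({ authorization: 'Bearer not.atoken' }, publicKey));
```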

Your client-side UI can be very simple. If it is a web application, you can go with simple HTML and jQuery, with extensive use of templates and client-side validations. No server-side code criss-crosses your HTML; jQuery calls the REST APIs for data. This also helps in packaging the same HTML, JS and CSS in PhoneGap apps for any targeted mobile platform.

Your client can also be a native Windows app, web app, Windows Phone app, iOS app or Android app. All of them contain only UI-related code, and all of them talk to the REST APIs for data. This lets the UI/UX designers work without worrying too much about server-side coding.

If your architecture is based on the Microsoft .NET platform, you can use a Portable Class Library (PCL) to wrap your REST calls in easy-to-use function calls. Your Windows app, web app, Windows Phone app, iOS app using Xamarin and Android app using Xamarin can then all call the same PCL for data access.

Do let me know if there are alternatives.