Create MASTG-BEST best practice files addressing "Improper Hashing" in Android and iOS #3519

@cpholguera

Description

Use this as a reference and double-check it for technical accuracy.
Be sure to format everything well and include authoritative sources for everything.

Android

  • Avoid MessageDigest algorithms such as "MD5" and "SHA1". Use "SHA-256" or "SHA-512" when hashing for integrity or fingerprinting.
  • For password hashing use SecretKeyFactory with PBKDF2WithHmacSHA256 or stronger, with high iteration counts, rather than a single hash.
  • Avoid rolling custom cryptographic constructions with raw hashes. Use HMAC for keyed integrity and use HKDF only for high entropy inputs.

iOS

  • Prefer modern APIs such as CryptoKit for SHA256 and SHA512. Avoid MD5 and SHA1 for new designs.
  • For password hashing use PBKDF2 via CommonCrypto with a strong iteration count, never raw SHA functions.
  • Use HMAC for keyed integrity checks and apply HKDF only to high entropy secrets.
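The three Android bullets (SHA-256 via MessageDigest, PBKDF2WithHmacSHA256 via SecretKeyFactory, HMAC for keyed integrity) as one runnable Java example. This is an added illustration, not code from the issue or from MASTG; the 600,000 iteration count, the 16-byte salt, the sample payload and the password are constructed values.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import javax.crypto.Mac;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;

public final class HashingExamples {
    /** Integrity / fingerprinting: SHA-256 via MessageDigest instead of "MD5" or "SHA1". */
    static byte[] sha256(byte[] data) throws Exception {
        return MessageDigest.getInstance("SHA-256").digest(data);
    }

    /** Password hashing: PBKDF2-HMAC-SHA256 (Android API 26+) with a random salt and many iterations. */
    static byte[] pbkdf2(char[] password, byte[] salt, int iterations) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password, salt, iterations, 256);
        try {
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
        } finally {
            spec.clearPassword(); // wipe the password copy held by the spec
        }
    }

    /** Keyed integrity: HMAC-SHA256 rather than a home-made hash(key || message). */
    static byte[] hmacSha256(byte[] key, byte[] message) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        return mac.doFinal(message);
    }

    public static void main(String[] args) throws Exception {
        Base64.Encoder b64 = Base64.getEncoder();
        byte[] payload = "constructed sample payload".getBytes(StandardCharsets.UTF_8); // constructed input
        System.out.println("SHA-256: " + b64.encodeToString(sha256(payload)));
        SecureRandom rng = new SecureRandom();
        byte[] salt = new byte[16];
        rng.nextBytes(salt);
        int iterations = 600_000; // assumed example count; tune to the latency budget of target devices
        byte[] stored = pbkdf2("correct horse battery staple".toCharArray(), salt, iterations);
        byte[] attempt = pbkdf2("correct horse battery staple".toCharArray(), salt, iterations);
        // Constant-time comparison so verification time does not depend on where the bytes first differ.
        System.out.println("password verifies: " + MessageDigest.isEqual(stored, attempt));
        byte[] key = new byte[32];
        rng.nextBytes(key);
        System.out.println("HMAC-SHA256 tag: " + b64.encodeToString(hmacSha256(key, payload)));
    }
}
```

The salt and iteration count must be stored alongside the derived key so the same parameters can be reused at verification time.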
