Use this as a reference, double check for technical accuracy.
Be sure to format everything well and include authoritative sources for everything.

Android

Use java.security.Signature with secure algorithm names like SHA256withRSA, SHA384withRSA, SHA256withECDSA, or SHA384withECDSA. Avoid MD5withRSA, SHA1withRSA, and other algorithms that Android marks as deprecated or insecure.

When generating keys in the Android Keystore, use KeyGenParameterSpec to specify secure digests and key sizes, for example setting digests to SHA256 or SHA384 and key size to at least 3072 bits for RSA, or choosing EC curves that implement at least P 256.

Do not implement signature schemes yourself in app code. Always prefer well maintained libraries and the Android platform crypto providers to avoid pitfalls like weak nonces for ECDSA.

iOS

Prefer CryptoKit or modern Security framework APIs over older or deprecated interfaces. For example, use CryptoKit types like P256.Signing or Curve25519 based APIs instead of rolling your own ECDSA or RSA implementation.

When using SecKey APIs, specify secure algorithms such as kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA256, or secure EC signature algorithms, and avoid SHA1 based algorithms or legacy padding options.

Do not implement signature schemes manually. Rely on the system crypto libraries and ensure they are configured with secure algorithms and key sizes.