What type of app is it?
@jmcilhinney is right, you need to add more specifics. But from what I've found regarding this type of question being asked around the net. A lot of developers are reluctant to publicly share this information on what works for them. Obviously because them sharing the steps they perform to secure their applications, becomes public information and this in-turn helps those pesky little shits from reverse engineering your code, stealing it, and either pirating or reselling your work. But if you are a little more specific, I can suggest somethings you can do depending on what type of protection you want to implement.
Tell us more about what types of attacks or hacking you want to avoid?