
What questions are useful to scope a mobile app pen test?

Information Security Asked on October 28, 2021

When arranging a pen test it’s common practice to ask the client a set of questions, and use the answers either as the basis for further discussions, or to directly provide a test plan and quotation.

For a mobile app specifically, what questions are helpful to include? For example:

  • What platforms does the app support? e.g. iOS, Android
  • Was the app developed using a cross-platform framework? e.g. PhoneGap, Kivy
  • Does the app connect to its own back-end service? e.g. bespoke REST, Firebase
    • Do these connections use SSL pinning?
  • Does the app provide additional UI security? e.g. PIN, FLAG_SECURE
  • Does the app provide IPC interfaces? e.g. URL handler, intent
  • Does the app interface with hardware? e.g. Bluetooth card reader
  • Is the app obfuscated?
  • How is the app delivered? e.g. public store, private app in store, alternate store, sideloading
  • What authentication is used? e.g. pairing, user name & password, connect with Facebook
  • How many views/pages does the app have?
  • What permissions does the app request?
  • Does the app make arbitrary network connections or listen on ports?

If you have any other ideas, please let me know!
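Several of the questions above (requested permissions, IPC interfaces and URL handlers, hardware access, network transport settings) can be answered from the app's own manifest before the kickoff call, which lets the tester check the client's answers against the artifact. The script below is an added example, not code from the original question or answer; it assumes the AndroidManifest.xml has already been decoded to plain XML (for instance with apktool), and the manifest it parses is a constructed sample for illustration, not a real app.

```python
"""Derive answers to mobile pen-test scoping questions from a decoded
AndroidManifest.xml (added example; assumes the manifest is plain XML,
e.g. after apktool, and uses a constructed sample manifest)."""
import json
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Constructed sample manifest for a hypothetical app; not taken from any real package.
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.scopingdemo">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.BLUETOOTH_CONNECT"/>
    <uses-permission android:name="android.permission.CAMERA"/>
    <application android:usesCleartextTraffic="true"
        android:networkSecurityConfig="@xml/network_security_config">
        <activity android:name=".MainActivity" android:exported="true">
            <intent-filter>
                <action android:name="android.intent.action.MAIN"/>
                <category android:name="android.intent.category.LAUNCHER"/>
            </intent-filter>
        </activity>
        <activity android:name=".DeepLinkActivity" android:exported="true">
            <intent-filter>
                <action android:name="android.intent.action.VIEW"/>
                <data android:scheme="scopingdemo" android:host="pay"/>
            </intent-filter>
        </activity>
        <service android:name=".SyncService" android:exported="false"/>
        <receiver android:name=".BootReceiver">
            <intent-filter>
                <action android:name="android.intent.action.BOOT_COMPLETED"/>
            </intent-filter>
        </receiver>
        <provider android:name=".DataProvider"
            android:authorities="com.example.scopingdemo.provider"
            android:exported="true"/>
    </application>
</manifest>
"""

# Component types that form the app's IPC surface.
IPC_TAGS = ("activity", "service", "receiver", "provider")
# Permission name fragments that indicate hardware interfaces worth scoping.
HARDWARE_HINTS = ("BLUETOOTH", "NFC", "CAMERA", "USB")


def _attr(element, name):
    """Read an android:-namespaced attribute (ElementTree keys them in Clark notation)."""
    return element.get(f"{{{ANDROID_NS}}}{name}")


def is_exported(component):
    """Manifest rule: an explicit android:exported wins; without it, a component that
    declares an intent-filter is exported by default (apps targeting API 31+ must set
    the attribute explicitly, so a missing value there is itself a finding)."""
    explicit = _attr(component, "exported")
    if explicit is not None:
        return explicit == "true"
    return component.find("intent-filter") is not None


def scope_from_manifest(xml_text):
    """Return the scoping facts the manifest can establish on its own."""
    root = ET.fromstring(xml_text)
    app = root.find("application")
    permissions = sorted(_attr(p, "name") for p in root.findall("uses-permission"))

    exported, url_schemes = [], set()
    for tag in IPC_TAGS:
        for comp in app.findall(tag):
            if is_exported(comp):
                exported.append((tag, _attr(comp, "name")))
            # A <data android:scheme=...> under a VIEW filter is a custom URL handler.
            for data in comp.iter("data"):
                if _attr(data, "scheme"):
                    url_schemes.add(_attr(data, "scheme"))

    return {
        "package": root.get("package"),
        "permissions": permissions,
        "hardware_permissions": [p for p in permissions
                                 if any(h in p for h in HARDWARE_HINTS)],
        "exported_components": exported,
        "url_schemes": sorted(url_schemes),
        "cleartext_allowed": _attr(app, "usesCleartextTraffic") == "true",
        "has_network_security_config": _attr(app, "networkSecurityConfig") is not None,
    }


if __name__ == "__main__":
    print(json.dumps(scope_from_manifest(SAMPLE_MANIFEST), indent=2))
```

For a real engagement, run it over the decoded manifest of the build the client intends to ship; the output feeds the questions on permissions, IPC, hardware and network transport directly, while pinning, obfuscation and back-end details still need the client's answers or a look at the code and the network security config file the manifest references.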

One Answer

I found it rather important to say that not all apps are purely created with Java and XML; there are people who like to convert their website into an Android app. In fact, that's just a copy of their website displayed on a 5" screen, not only because it's cheaper but also because it saves them time.

Some suggestions,

  • Is it a converted app? (in case it is converted from a webpage)
  • Which technologies have been used during the development process or in the app, such as HTML5 or JavaScript?

Answered by CriticalSYS on October 28, 2021
