myself testing a mysql/maria database server enviroment in a vps.
so the web app is together with the database.
for desktop app i used ssl connection to mysql.
to protect a vps you need expert knowledge. (for testing there exists free online services)
json, xml, object serialization between server & client.
making web apps (to use at phone) are a little bit tricky because network connection, sessions, app will restart, ssl certificate.
- for geolocation at android phone in chrome browser ssl is mandatory.