Ship something real. Submit your work when you're done.
Brief
Pick a real mobile app you have access to (yours or an open-source one). Produce a 2-page threat model covering physical, network, and supply-chain surfaces. Audit against OWASP MASTG checklist. Fix the top 3 findings. Document.