Great questions!
The code of the client that our app is using is already open and we are going to gradually open source most parts of the project closer to our beta releases.
Transaction signing is being handled by our servers for now, mostly because we use Xamarin and weren't able to find a good out of the box alternative to Piston or Steem-js written in C#. However, that doesn't seem like a long term solution to us, and we're going to add the transaction signing to the client side in the next releases.
We've just started to work on a simple version of a transaction signing library in C#, that our mobile clients could use, and will open source the lib as soon as it signs transactions.
Great to know that you guys writing C# library for wrapping local transaction signing which should solve security issues. Quick search showed number of open source libraries are available that have figured out ECC, hope you find them helpful.
Looking forward to check C# library and use it ;)