- Make things flexible instead of hardcoding things.
- Keep credentials safe and obfuscated.
- Only give read / write access to things which need it and which can use it safely.
- Keep user data private and don't expose it.
- Encrypt everything.
- Don't abuse system resources & monitor performance regularly.
- Write regression tests for core parts of the code and run them regularly.
- Log important things.
- Leave good commit messages, code comments, and documentation.
- Follow coding standards.
- Don't break other people's things without fixing them.
- Do peer code reviews.
- Make sure everything has redundant backups and don't rely on just the cloud.
- Have an automated emergency downtime failover strategy and test regularly to ensure it works when you need it.
- Ensure your code runs when appropriate and doesn't run when inappropriate.
- Keep your code DRY (don't repeat yourself).
- Reuse code when appropriate.
- Do whatever you can to keep compile / build / deploy times as small as possible.
- Keep your code clean. Don't pollute files, folders, namespaces, etc.
- Name things so it's easy to understand what they do and what they are (variables, functions, methods, IDs, classes, branches, etc).
- Don't use deprecated functionality and keep your libraries up to date.
- Respect the limitations of target devices (mobile and otherwise).
- Keep file sizes small.
- Ensure that actionable targets are easy to use (e.g., touch targets should be finger-friendly).
- Iconography, navigation, and workflows should be familiar to users of that operating system.
- Try to code for accessibility:
  - Color blindness
  - Bad eyesight
  - Easy to navigate
  - etc.
- If your userbase is multilingual, you need to keep that in mind.
  - Your code may need different displays for different languages.
  - Iconography, terms, and colors might have different and possibly negative connotations in other languages.
There are many more guidelines, but those are the ones which pop into my head at the moment.