Call to PHP security (transmission security)?

I'm looking into unity for making a game that is vastly multiplayer, so naturally, i have to do the calculations and data storage on a server (in my case, php and MySQLi).

I know to protect against injections and such, as I've gotten several projects functional in strictly web environments. However, I'm curious what steps to take, or concepts to consider, when developing an app for iOS & Android in regards to security of the transmitted data.

Basically, what can keep people from 'simulating' the game, by sending similar/coppied data, and receiving the response via their own means/program?

On that same note, is there anything that I should look out for in the current market that can cause security issues between client transmissions and the server?

Keep in mind, I'll be filtering ALL data from the game on the php side of things, so if it is not strictly one of the approved transmissions from the game, then it'll be rejected. At this point, I just want to ensure that people dont try to 'clone' aspects of my app, and attempt to manipulate responses.

This is strictly in the planning phases right now, and have nothing code-wise to show. So, any pointers, or ideas would be greatly appreciated. (also, I apologize if this is an ignorant question)