MASVS PLATFORM

Temporary Checklist

This checklist contains the old MASVS v1 verification levels (L1, L2 and R), which we are currently reworking into "security testing profiles". The levels were assigned according to the MASVS v1 ID that the test was previously covering and might differ in the upcoming version of the MASTG and MAS Checklist.

For the upcoming version of the MASTG, we will progressively split the MASTG tests into smaller tests, the so-called "atomic tests", and assign the new MAS profiles accordingly.

MASVS-ID Platform Control / MASTG Test L1 L2 R
MASVS-PLATFORM-1 The app uses IPC mechanisms securely.
Testing for Vulnerable Implementation of PendingIntent
Determining Whether Sensitive Stored Data Has Been Exposed via IPC Mechanisms
Testing for App Permissions
Testing for Sensitive Functionality Exposure Through IPC
Testing Deep Links
Testing Universal Links
Testing UIActivity Sharing
Testing UIPasteboard
Testing Custom URL Schemes
Testing App Permissions
Testing App Extensions
Determining Whether Sensitive Data Is Exposed via IPC Mechanisms
MASVS-PLATFORM-2 The app uses WebViews securely.
Testing WebViews Cleanup
Testing for Java Objects Exposed Through WebViews
Testing WebView Protocol Handlers
Testing JavaScript Execution in WebViews
Testing iOS WebViews
Determining Whether Native Methods Are Exposed Through WebViews
Testing WebView Protocol Handlers
MASVS-PLATFORM-3 The app uses the user interface securely.
Checking for Sensitive Data Disclosure Through the User Interface
Testing for Overlay Attacks
Finding Sensitive Information in Auto-Generated Screenshots
Testing Auto-Generated Screenshots for Sensitive Information
Checking for Sensitive Data Disclosed Through the User Interface