Best Practices
About the MASTG Best Practices
The MASTG Best Practices are a collection of specific strategies and practices that can be used to prevent or mitigate security and privacy risks in mobile apps.
Each Best Practices is designed to be simple and focused and may apply to one or multiple tests in the MASTG.
| ID | Title | Platform |
|---|---|---|
| MASTG-BEST-0002 | Remove Logging Code | |
| MASTG-BEST-0014 | Preventing Screenshots and Screen Recording | |
| MASTG-BEST-0001 | Use Secure Random Number Generator APIs | |
| MASTG-BEST-0009 | Use Secure Encryption Algorithms | |
| MASTG-BEST-0013 | Disable Content Provider Access in WebViews | |
| MASTG-BEST-0006 | Use Up-to-Date APK Signing Schemes | |
| MASTG-BEST-0005 | Use Secure Encryption Modes | |
| MASTG-BEST-0008 | Debugging Disabled for WebViews | |
| MASTG-BEST-0004 | Exclude Sensitive Data from Backups | |
| MASTG-BEST-0007 | Debuggable Flag Disabled in the AndroidManifest | |
| MASTG-BEST-0003 | Comply with Privacy Regulations and Best Practices | |
| MASTG-BEST-0010 | Use Up-to-Date minSdkVersion | |
| MASTG-BEST-0012 | Disable JavaScript in WebViews | |
| MASTG-BEST-0011 | Securely Load File Content in a WebView |