Best Practices

About the MASTG Best Practices

The MASTG Best Practices are a collection of specific strategies and practices that can be used to prevent or mitigate security and privacy risks in mobile apps.

Each Best Practice is designed to be simple and focused, and may apply to one or multiple tests in the MASTG.

| ID | Title | Platform | Status |
| --- | --- | --- | --- |
| MASTG-BEST-0006 | Use Up-to-Date APK Signing Schemes | android | current |
| MASTG-BEST-0029 | Implementing Resilience and RASP Signals | generic | placeholder |
| MASTG-BEST-0018 | Use SecureFlagPolicy.SecureOn to Prevent Screenshots in Compose Components | android | placeholder |
| MASTG-BEST-0015 | Use setRecentsScreenshotEnabled to Prevent Screenshots When Backgrounded | android | placeholder |
| MASTG-BEST-0008 | Debugging Disabled for WebViews | android | current |
| MASTG-BEST-0009 | Use Secure Encryption Algorithms | android | current |
| MASTG-BEST-0001 | Use Secure Random Number Generator APIs | android | current |
| MASTG-BEST-0030 | Implementing Root Detection | generic | current |
| MASTG-BEST-0010 | Use Up-to-Date minSdkVersion | android | current |
| MASTG-BEST-0014 | Preventing Screenshots and Screen Recording | android | current |
| MASTG-BEST-0020 | Update the GMS Security Provider | android | current |
| MASTG-BEST-0012 | Disable JavaScript in WebViews | android | current |
| MASTG-BEST-0031 | Enforce Strong Biometrics for Sensitive Operations | android | current |
| MASTG-BEST-0002 | Remove Logging Code | android | current |
| MASTG-BEST-0021 | Ensure Proper Error and Exception Handling | android | current |
| MASTG-BEST-0017 | Use setSecure to Prevent Screenshots in SurfaceViews | android | placeholder |
| MASTG-BEST-0003 | Comply with Privacy Regulations and Best Practices | android | current |
| MASTG-BEST-0025 | Use Secure Random Number Generator APIs | ios | current |
| MASTG-BEST-0013 | Disable Content Provider Access in WebViews | android | current |
| MASTG-BEST-0022 | Disable Verbose and Debug Logging in Production Builds | ios | current |
| MASTG-BEST-0024 | Store Data Encrypted in App Sandbox Directory | ios | current |
| MASTG-BEST-0007 | Debuggable Flag Disabled in the AndroidManifest | android | current |
| MASTG-BEST-0023 | Exclude Sensitive Information from Backups | ios | current |
| MASTG-BEST-0026 | Preventing Keyboard Caching for Sensitive Text Inputs | ios | placeholder |
| MASTG-BEST-0011 | Securely Load File Content in a WebView | android | current |
| MASTG-BEST-0005 | Use Secure Encryption Modes | android | current |
| MASTG-BEST-0004 | Exclude Sensitive Data from Backups | android | current |
| MASTG-BEST-0016 | Use SECURE_FLAG to Prevent Screenshots and Screen Recording | android | placeholder |
| MASTG-BEST-0028 | WebViews Cache Cleanup | android | current |
| MASTG-BEST-0027 | Preventing Sensitive Data Exposure in Notifications | android | placeholder |
| MASTG-BEST-0019 | Use Non-Caching Input Types for Sensitive Fields | android | placeholder |