Best Practices

About the MASTG Best Practices

The MASTG Best Practices are a collection of specific strategies and practices that can be used to prevent or mitigate security and privacy risks in mobile apps.

Each Best Practices is designed to be simple and focused and may apply to one or multiple tests in the MASTG.

ID	Title	Platform	Status
MASTG-BEST-0006	Use Up-to-Date APK Signing Schemes	platform:android	currentstatus:current
MASTG-BEST-0029	Implementing Resilience and RASP Signals	platform:generic	placeholderstatus:placeholder
MASTG-BEST-0018	Use `SecureFlagPolicy.SecureOn` to Prevent Screenshots in Compose Components	platform:android	placeholderstatus:placeholder
MASTG-BEST-0015	Use `setRecentsScreenshotEnabled` to Prevent Screenshots When Backgrounded	platform:android	placeholderstatus:placeholder
MASTG-BEST-0008	Debugging Disabled for WebViews	platform:android	currentstatus:current
MASTG-BEST-0009	Use Secure Encryption Algorithms	platform:android	currentstatus:current
MASTG-BEST-0001	Use Secure Random Number Generator APIs	platform:android	currentstatus:current
MASTG-BEST-0030	Implementing Root Detection	platform:generic	currentstatus:current
MASTG-BEST-0010	Use Up-to-Date minSdkVersion	platform:android	currentstatus:current
MASTG-BEST-0014	Preventing Screenshots and Screen Recording	platform:android	currentstatus:current
MASTG-BEST-0020	Update the GMS Security Provider	platform:android	currentstatus:current
MASTG-BEST-0012	Disable JavaScript in WebViews	platform:android	currentstatus:current
MASTG-BEST-0031	Enforce Strong Biometrics for Sensitive Operations	platform:android	currentstatus:current
MASTG-BEST-0002	Remove Logging Code	platform:android	currentstatus:current
MASTG-BEST-0021	Ensure Proper Error and Exception Handling	platform:android	currentstatus:current
MASTG-BEST-0017	Use `setSecure` to Prevent Screenshots in SurfaceViews	platform:android	placeholderstatus:placeholder
MASTG-BEST-0003	Comply with Privacy Regulations and Best Practices	platform:android	currentstatus:current
MASTG-BEST-0025	Use Secure Random Number Generator APIs	platform:ios	currentstatus:current
MASTG-BEST-0013	Disable Content Provider Access in WebViews	platform:android	currentstatus:current
MASTG-BEST-0022	Disable Verbose and Debug Logging in Production Builds	platform:ios	currentstatus:current
MASTG-BEST-0024	Store Data Encrypted in App Sandbox Directory	platform:ios	currentstatus:current
MASTG-BEST-0007	Debuggable Flag Disabled in the AndroidManifest	platform:android	currentstatus:current
MASTG-BEST-0023	Exclude Sensitive Information from Backups	platform:ios	currentstatus:current
MASTG-BEST-0026	Preventing Keyboard Caching for Sensitive Text Inputs	platform:ios	placeholderstatus:placeholder
MASTG-BEST-0011	Securely Load File Content in a WebView	platform:android	currentstatus:current
MASTG-BEST-0005	Use Secure Encryption Modes	platform:android	currentstatus:current
MASTG-BEST-0004	Exclude Sensitive Data from Backups	platform:android	currentstatus:current
MASTG-BEST-0016	Use `SECURE_FLAG` to Prevent Screenshots and Screen Recording	platform:android	placeholderstatus:placeholder
MASTG-BEST-0028	WebViews Cache Cleanup	platform:android	currentstatus:current
MASTG-BEST-0027	Preventing Sensitive Data Exposure in Notifications	platform:android	placeholderstatus:placeholder
MASTG-BEST-0019	Use Non-Caching Input Types for Sensitive Fields	platform:android	placeholderstatus:placeholder