Best Practices

About the MASTG Best Practices

The MASTG Best Practices are a collection of specific strategies and practices that can be used to prevent or mitigate security and privacy risks in mobile apps.

Each Best Practice is designed to be simple and focused, and may apply to one or more tests in the MASTG.

| ID | Title | Platform |
|---|---|---|
| MASTG-BEST-0020 | Update the GMS Security Provider | platform:android |
| MASTG-BEST-0015 | Use setRecentsScreenshotEnabled to Prevent Screenshots When Backgrounded | platform:android |
| MASTG-BEST-0018 | Use SecureFlagPolicy.SecureOn to Prevent Screenshots in Compose Components | platform:android |
| MASTG-BEST-0021 | Ensure Proper Error and Exception Handling | platform:android |
| MASTG-BEST-0002 | Remove Logging Code | platform:android |
| MASTG-BEST-0014 | Preventing Screenshots and Screen Recording | platform:android |
| MASTG-BEST-0001 | Use Secure Random Number Generator APIs | platform:android |
| MASTG-BEST-0009 | Use Secure Encryption Algorithms | platform:android |
| MASTG-BEST-0013 | Disable Content Provider Access in WebViews | platform:android |
| MASTG-BEST-0006 | Use Up-to-Date APK Signing Schemes | platform:android |
| MASTG-BEST-0005 | Use Secure Encryption Modes | platform:android |
| MASTG-BEST-0017 | Use setSecure to Prevent Screenshots in SurfaceViews | platform:android |
| MASTG-BEST-0008 | Debugging Disabled for WebViews | platform:android |
| MASTG-BEST-0016 | Use SECURE_FLAG to Prevent Screenshots and Screen Recording | platform:android |
| MASTG-BEST-0004 | Exclude Sensitive Data from Backups | platform:android |
| MASTG-BEST-0007 | Debuggable Flag Disabled in the AndroidManifest | platform:android |
| MASTG-BEST-0003 | Comply with Privacy Regulations and Best Practices | platform:android |
| MASTG-BEST-0019 | Use Non-Caching Input Types for Sensitive Fields | platform:android |
| MASTG-BEST-0010 | Use Up-to-Date minSdkVersion | platform:android |
| MASTG-BEST-0012 | Disable JavaScript in WebViews | platform:android |
| MASTG-BEST-0011 | Securely Load File Content in a WebView | platform:android |