Mobile Application Security Knowledge Base
The Mobile Application Security Knowledge Base is a collection of knowledge articles that provide detailed information on various aspects of mobile application security. It includes general security concepts, platform-specific features and APIs, as well as detailed explanations and references.
The knowledge base is designed to be a comprehensive resource for security professionals, developers, and testers who are looking to enhance their understanding of mobile application security. From cryptographic practices and data storage techniques to deep links and network security, the knowledge base covers a wide range of topics relevant to mobile security.
The articles are organized into categories, making it easy to navigate and find specific information. They are also linked to other MASTG components, such as tests, techniques or tools, providing a holistic view of mobile application security practices.
The knowledge base is continuously updated to reflect the latest security trends, best practices, and platform updates. It serves as a valuable resource for anyone involved in mobile application security, whether you are a developer looking to implement secure coding practices, a tester conducting security assessments, or a security professional seeking to stay informed about the latest threats and mitigation strategies.
| ID | Name | Category | Platform | Status |
|---|---|---|---|---|
| MASTG-KNOW-0113 | Using Disassemblers and Decompilers | MASVS-RESILIENCE | ||
| MASTG-KNOW-0115 | Dynamic Binary Instrumentation | MASVS-RESILIENCE | ||
| MASTG-KNOW-0109 | Binary Patching | MASVS-RESILIENCE | ||
| MASTG-KNOW-0111 | Obfuscation | MASVS-RESILIENCE | ||
| MASTG-KNOW-0116 | Symbolic Execution | MASVS-RESILIENCE | ||
| MASTG-KNOW-0110 | Code Injection | MASVS-RESILIENCE | ||
| MASTG-KNOW-0112 | Emulation-based Dynamic Analysis | MASVS-RESILIENCE | ||
| MASTG-KNOW-0114 | Debugging and Tracing | MASVS-RESILIENCE | ||
| MASTG-KNOW-0067 | CommonCrypto, SecKey and Wrapper libraries | MASVS-CRYPTO | ||
| MASTG-KNOW-0069 | Key Management | MASVS-CRYPTO | ||
| MASTG-KNOW-0068 | Cryptographic Third-Party libraries | MASVS-CRYPTO | ||
| MASTG-KNOW-0066 | CryptoKit | MASVS-CRYPTO | ||
| MASTG-KNOW-0070 | Random Number Generator | MASVS-CRYPTO | ||
| MASTG-KNOW-0098 | User Interface Components | MASVS-STORAGE | ||
| MASTG-KNOW-0100 | Keyboard Cache | MASVS-STORAGE | ||
| MASTG-KNOW-0102 | Backups | MASVS-STORAGE | ||
| MASTG-KNOW-0101 | Logs | MASVS-STORAGE | ||
| MASTG-KNOW-0091 | File System APIs | MASVS-STORAGE | ||
| MASTG-KNOW-0108 | App Sandbox Directories | MASVS-STORAGE | ||
| MASTG-KNOW-0096 | Realm Databases | MASVS-STORAGE | ||
| MASTG-KNOW-0094 | CoreData | MASVS-STORAGE | ||
| MASTG-KNOW-0104 | Inter-Process Communication (IPC) Mechanisms | MASVS-STORAGE | ||
| MASTG-KNOW-0092 | Binary Data Storage | MASVS-STORAGE | ||
| MASTG-KNOW-0099 | Screenshots | MASVS-STORAGE | ||
| MASTG-KNOW-0097 | Other Third-Party Databases | MASVS-STORAGE | ||
| MASTG-KNOW-0103 | Process Memory | MASVS-STORAGE | ||
| MASTG-KNOW-0093 | UserDefaults | MASVS-STORAGE | ||
| MASTG-KNOW-0095 | Firebase Real-time Databases | MASVS-STORAGE | ||
| MASTG-KNOW-0074 | Enforced Updating | MASVS-PLATFORM | ||
| MASTG-KNOW-0079 | Custom URL Schemes | MASVS-PLATFORM | ||
| MASTG-KNOW-0080 | Universal Links | MASVS-PLATFORM | ||
| MASTG-KNOW-0078 | Inter-Process Communication (IPC) | MASVS-PLATFORM | ||
| MASTG-KNOW-0076 | WebViews | MASVS-PLATFORM | ||
| MASTG-KNOW-0077 | App Permissions | MASVS-PLATFORM | ||
| MASTG-KNOW-0081 | UIActivity Sharing | MASVS-PLATFORM | ||
| MASTG-KNOW-0082 | App extensions | MASVS-PLATFORM | ||
| MASTG-KNOW-0075 | Object Serialization | MASVS-PLATFORM | ||
| MASTG-KNOW-0083 | Pasteboard | MASVS-PLATFORM | ||
| MASTG-KNOW-0089 | Obfuscation | MASVS-RESILIENCE | ||
| MASTG-KNOW-0090 | Device Binding | MASVS-RESILIENCE | ||
| MASTG-KNOW-0085 | Anti-Debugging Detection | MASVS-RESILIENCE | ||
| MASTG-KNOW-0086 | File Integrity Checks | MASVS-RESILIENCE | ||
| MASTG-KNOW-0087 | Reverse Engineering Tools Detection | MASVS-RESILIENCE | ||
| MASTG-KNOW-0084 | Jailbreak Detection | MASVS-RESILIENCE | ||
| MASTG-KNOW-0088 | Emulator Detection | MASVS-RESILIENCE | ||
| MASTG-KNOW-0072 | Server Trust Evaluation | MASVS-NETWORK | ||
| MASTG-KNOW-0073 | iOS Network APIs | MASVS-NETWORK | ||
| MASTG-KNOW-0071 | iOS App Transport Security | MASVS-NETWORK | ||
| MASTG-KNOW-0061 | Binary Protection Mechanisms | MASVS-CODE | ||
| MASTG-KNOW-0060 | Memory Corruption Bugs | MASVS-CODE | ||
| MASTG-KNOW-0062 | Debuggable Apps | MASVS-CODE | ||
| MASTG-KNOW-0064 | Debugging Code and Error Logging | MASVS-CODE | ||
| MASTG-KNOW-0058 | App Signing | MASVS-CODE | ||
| MASTG-KNOW-0063 | Debugging Information and Debug Symbols | MASVS-CODE | ||
| MASTG-KNOW-0065 | Exception Handling | MASVS-CODE | ||
| MASTG-KNOW-0059 | Third-Party Libraries | MASVS-CODE | ||
| MASTG-KNOW-0056 | Local Authentication Framework | MASVS-AUTH | ||
| MASTG-KNOW-0057 | Keychain Services | MASVS-AUTH | ||
| MASTG-KNOW-0011 | Security Provider | MASVS-CRYPTO | ||
| MASTG-KNOW-0012 | Key Generation | MASVS-CRYPTO | ||
| MASTG-KNOW-0013 | Random Number Generation | MASVS-CRYPTO | ||
| MASTG-KNOW-0055 | Keyboard Cache | MASVS-STORAGE | ||
| MASTG-KNOW-0044 | Key Attestation | MASVS-STORAGE | ||
| MASTG-KNOW-0050 | Backups | MASVS-STORAGE | ||
| MASTG-KNOW-0040 | Realm Databases | MASVS-STORAGE | ||
| MASTG-KNOW-0053 | Screenshots | MASVS-STORAGE | ||
| MASTG-KNOW-0054 | App Notifications | MASVS-STORAGE | ||
| MASTG-KNOW-0037 | SQLite Database | MASVS-STORAGE | ||
| MASTG-KNOW-0049 | Logs | MASVS-STORAGE | ||
| MASTG-KNOW-0048 | KeyChain | MASVS-STORAGE | ||
| MASTG-KNOW-0039 | Firebase Real-time Databases | MASVS-STORAGE | ||
| MASTG-KNOW-0052 | User Interface Components | MASVS-STORAGE | ||
| MASTG-KNOW-0036 | Shared Preferences | MASVS-STORAGE | ||
| MASTG-KNOW-0041 | Internal Storage | MASVS-STORAGE | ||
| MASTG-KNOW-0047 | Cryptographic Key Storage | MASVS-STORAGE | ||
| MASTG-KNOW-0046 | BouncyCastle KeyStore | MASVS-STORAGE | ||
| MASTG-KNOW-0038 | SQLCipher Database | MASVS-STORAGE | ||
| MASTG-KNOW-0043 | Android KeyStore | MASVS-STORAGE | ||
| MASTG-KNOW-0051 | Process Memory | MASVS-STORAGE | ||
| MASTG-KNOW-0045 | Secure Key Import into Keystore | MASVS-STORAGE | ||
| MASTG-KNOW-0042 | External Storage | MASVS-STORAGE | ||
| MASTG-KNOW-0106 | App-Initiated Screenshots and Screen Recording | MASVS-PLATFORM | ||
| MASTG-KNOW-0019 | Deep Links | MASVS-PLATFORM | ||
| MASTG-KNOW-0025 | Implicit Intents | MASVS-PLATFORM | ||
| MASTG-KNOW-0017 | App Permissions | MASVS-PLATFORM | ||
| MASTG-KNOW-0020 | Inter-Process Communication (IPC) Mechanisms | MASVS-PLATFORM | ||
| MASTG-KNOW-0105 | User-Initiated Screenshots and Screen Recording | MASVS-PLATFORM | ||
| MASTG-KNOW-0107 | Screenshots and Screen Recording Detection | MASVS-PLATFORM | ||
| MASTG-KNOW-0023 | Enforced Updating | MASVS-PLATFORM | ||
| MASTG-KNOW-0022 | Overlay Attacks | MASVS-PLATFORM | ||
| MASTG-KNOW-0021 | Object Serialization | MASVS-PLATFORM | ||
| MASTG-KNOW-0024 | Pending Intents | MASVS-PLATFORM | ||
| MASTG-KNOW-0018 | WebViews | MASVS-PLATFORM | ||
| MASTG-KNOW-0007 | Debuggable Apps | MASVS-CODE | ||
| MASTG-KNOW-0028 | Anti-Debugging | MASVS-RESILIENCE | ||
| MASTG-KNOW-0031 | Emulator Detection | MASVS-RESILIENCE | ||
| MASTG-KNOW-0030 | Detection of Reverse Engineering Tools | MASVS-RESILIENCE | ||
| MASTG-KNOW-0027 | Root Detection | MASVS-RESILIENCE | ||
| MASTG-KNOW-0032 | Runtime Integrity Verification | MASVS-RESILIENCE | ||
| MASTG-KNOW-0034 | Device Binding | MASVS-RESILIENCE | ||
| MASTG-KNOW-0035 | Google Play Integrity API | MASVS-RESILIENCE | ||
| MASTG-KNOW-0029 | File Integrity Checks | MASVS-RESILIENCE | ||
| MASTG-KNOW-0033 | Obfuscation | MASVS-RESILIENCE | ||
| MASTG-KNOW-0003 | App Signing | MASVS-RESILIENCE | ||
| MASTG-KNOW-0015 | Certificate Pinning | MASVS-NETWORK | ||
| MASTG-KNOW-0014 | Android Network Security Configuration | MASVS-NETWORK | ||
| MASTG-KNOW-0016 | TBD | MASVS-NETWORK | ||
| MASTG-KNOW-0010 | Exception Handling | MASVS-CODE | ||
| MASTG-KNOW-0008 | Debugging Information and Debug Symbols | MASVS-CODE | ||
| MASTG-KNOW-0004 | Third-Party Libraries | MASVS-CODE | ||
| MASTG-KNOW-0009 | StrictMode | MASVS-CODE | ||
| MASTG-KNOW-0005 | Memory Corruption Bugs | MASVS-CODE | ||
| MASTG-KNOW-0006 | Binary Protection Mechanisms | MASVS-CODE | ||
| MASTG-KNOW-0026 | Third-party Services Embedded in the App | MASVS-STORAGE | ||
| MASTG-KNOW-0002 | FingerprintManager | MASVS-AUTH | ||
| MASTG-KNOW-0001 | Biometric Authentication | MASVS-AUTH |