Mobile Application Security Knowledge Base
The Mobile Application Security Knowledge Base is a collection of knowledge articles that provide detailed information on various aspects of mobile application security. It includes general security concepts, platform-specific features and APIs, as well as detailed explanations and references.
The knowledge base is designed to be a comprehensive resource for security professionals, developers, and testers who are looking to enhance their understanding of mobile application security. From cryptographic practices, data storage techniques, deep links, to network security, the knowledge base covers a wide range of topics relevant to mobile security.
The articles are organized into categories, making it easy to navigate and find specific information. They are also linked to other MASTG components, such as tests, techniques or tools, providing a holistic view of mobile application security practices.
The knowledge base is continuously updated to reflect the latest security trends, best practices, and platform updates. It serves as a valuable resource for anyone involved in mobile application security, whether you are a developer looking to implement secure coding practices, a tester conducting security assessments, or a security professional seeking to stay informed about the latest threats and mitigation strategies.
| ID | Name | Platform | Category | Status |
|---|---|---|---|---|
| MASTG-KNOW-0051 | Process Memory | MASVS-STORAGE | ||
| MASTG-KNOW-0041 | Internal Storage | MASVS-STORAGE | ||
| MASTG-KNOW-0043 | Android KeyStore | MASVS-STORAGE | ||
| MASTG-KNOW-0040 | Realm Databases | MASVS-STORAGE | ||
| MASTG-KNOW-0049 | Logs | MASVS-STORAGE | ||
| MASTG-KNOW-0037 | SQLite Database | MASVS-STORAGE | ||
| MASTG-KNOW-0050 | Backups | MASVS-STORAGE | ||
| MASTG-KNOW-0044 | Key Attestation | MASVS-STORAGE | ||
| MASTG-KNOW-0047 | Cryptographic Key Storage | MASVS-STORAGE | ||
| MASTG-KNOW-0052 | User Interface Components | MASVS-STORAGE | ||
| MASTG-KNOW-0038 | SQLCipher Database | MASVS-STORAGE | ||
| MASTG-KNOW-0048 | KeyChain | MASVS-STORAGE | ||
| MASTG-KNOW-0054 | App Notifications | MASVS-STORAGE | ||
| MASTG-KNOW-0036 | Shared Preferences | MASVS-STORAGE | ||
| MASTG-KNOW-0042 | External Storage | MASVS-STORAGE | ||
| MASTG-KNOW-0055 | Keyboard Cache | MASVS-STORAGE | ||
| MASTG-KNOW-0039 | Firebase Real-time Databases | MASVS-STORAGE | ||
| MASTG-KNOW-0045 | Secure Key Import into Keystore | MASVS-STORAGE | ||
| MASTG-KNOW-0053 | Screenshots | MASVS-STORAGE | ||
| MASTG-KNOW-0046 | BouncyCastle KeyStore | MASVS-STORAGE | ||
| MASTG-KNOW-0026 | Third-party Services Embedded in the App | MASVS-STORAGE | ||
| MASTG-KNOW-0107 | Screenshots and Screen Recording Detection | MASVS-PLATFORM | ||
| MASTG-KNOW-0024 | Pending Intents | MASVS-PLATFORM | ||
| MASTG-KNOW-0018 | WebViews | MASVS-PLATFORM | ||
| MASTG-KNOW-0019 | Deep Links | MASVS-PLATFORM | ||
| MASTG-KNOW-0022 | Overlay Attacks | MASVS-PLATFORM | ||
| MASTG-KNOW-0106 | App-Initiated Screenshots and Screen Recording | MASVS-PLATFORM | ||
| MASTG-KNOW-0105 | User-Initiated Screenshots and Screen Recording | MASVS-PLATFORM | ||
| MASTG-KNOW-0025 | Implicit Intents | MASVS-PLATFORM | ||
| MASTG-KNOW-0021 | Object Serialization | MASVS-PLATFORM | ||
| MASTG-KNOW-0017 | App Permissions | MASVS-PLATFORM | ||
| MASTG-KNOW-0023 | Enforced Updating | MASVS-PLATFORM | ||
| MASTG-KNOW-0020 | Inter-Process Communication (IPC) Mechanisms | MASVS-PLATFORM | ||
| MASTG-KNOW-0010 | Exception Handling | MASVS-CODE | ||
| MASTG-KNOW-0009 | StrictMode | MASVS-CODE | ||
| MASTG-KNOW-0005 | Memory Corruption Bugs | MASVS-CODE | ||
| MASTG-KNOW-0008 | Debugging Information and Debug Symbols | MASVS-CODE | ||
| MASTG-KNOW-0006 | Binary Protection Mechanisms | MASVS-CODE | ||
| MASTG-KNOW-0004 | Third-Party Libraries | MASVS-CODE | ||
| MASTG-KNOW-0014 | Android Network Security Configuration | MASVS-NETWORK | ||
| MASTG-KNOW-0016 | TBD | MASVS-NETWORK | ||
| MASTG-KNOW-0015 | Certificate Pinning | MASVS-NETWORK | ||
| MASTG-KNOW-0030 | Detection of Reverse Engineering Tools | MASVS-RESILIENCE | ||
| MASTG-KNOW-0035 | Google Play Integrity API | MASVS-RESILIENCE | ||
| MASTG-KNOW-0032 | Runtime Integrity Verification | MASVS-RESILIENCE | ||
| MASTG-KNOW-0028 | Anti-Debugging | MASVS-RESILIENCE | ||
| MASTG-KNOW-0033 | Obfuscation | MASVS-RESILIENCE | ||
| MASTG-KNOW-0029 | File Integrity Checks | MASVS-RESILIENCE | ||
| MASTG-KNOW-0031 | Emulator Detection | MASVS-RESILIENCE | ||
| MASTG-KNOW-0007 | Debuggable Apps | MASVS-CODE | ||
| MASTG-KNOW-0003 | App Signing | MASVS-RESILIENCE | ||
| MASTG-KNOW-0034 | Device Binding | MASVS-RESILIENCE | ||
| MASTG-KNOW-0027 | Root Detection | MASVS-RESILIENCE | ||
| MASTG-KNOW-0002 | FingerprintManager | MASVS-AUTH | ||
| MASTG-KNOW-0001 | Biometric Authentication | MASVS-AUTH | ||
| MASTG-KNOW-0013 | Random Number Generation | MASVS-CRYPTO | ||
| MASTG-KNOW-0011 | Security Provider | MASVS-CRYPTO | ||
| MASTG-KNOW-0012 | Key Generation | MASVS-CRYPTO | ||
| MASTG-KNOW-0110 | Code Injection | MASVS-RESILIENCE | ||
| MASTG-KNOW-0111 | Obfuscation | MASVS-RESILIENCE | ||
| MASTG-KNOW-0112 | Emulation-based Dynamic Analysis | MASVS-RESILIENCE | ||
| MASTG-KNOW-0114 | Debugging and Tracing | MASVS-RESILIENCE | ||
| MASTG-KNOW-0113 | Using Disassemblers and Decompilers | MASVS-RESILIENCE | ||
| MASTG-KNOW-0109 | Binary Patching | MASVS-RESILIENCE | ||
| MASTG-KNOW-0115 | Dynamic Binary Instrumentation | MASVS-RESILIENCE | ||
| MASTG-KNOW-0116 | Symbolic Execution | MASVS-RESILIENCE | ||
| MASTG-KNOW-0091 | File System APIs | MASVS-STORAGE | ||
| MASTG-KNOW-0103 | Process Memory | MASVS-STORAGE | ||
| MASTG-KNOW-0094 | CoreData | MASVS-STORAGE | ||
| MASTG-KNOW-0101 | Logs | MASVS-STORAGE | ||
| MASTG-KNOW-0099 | Screenshots | MASVS-STORAGE | ||
| MASTG-KNOW-0102 | Backups | MASVS-STORAGE | ||
| MASTG-KNOW-0096 | Realm Databases | MASVS-STORAGE | ||
| MASTG-KNOW-0097 | Other Third-Party Databases | MASVS-STORAGE | ||
| MASTG-KNOW-0098 | User Interface Components | MASVS-STORAGE | ||
| MASTG-KNOW-0095 | Firebase Real-time Databases | MASVS-STORAGE | ||
| MASTG-KNOW-0100 | Keyboard Cache | MASVS-STORAGE | ||
| MASTG-KNOW-0104 | Inter-Process Communication (IPC) Mechanisms | MASVS-STORAGE | ||
| MASTG-KNOW-0108 | App Sandbox Directories | MASVS-STORAGE | ||
| MASTG-KNOW-0092 | Binary Data Storage | MASVS-STORAGE | ||
| MASTG-KNOW-0093 | UserDefaults | MASVS-STORAGE | ||
| MASTG-KNOW-0081 | UIActivity Sharing | MASVS-PLATFORM | ||
| MASTG-KNOW-0083 | Pasteboard | MASVS-PLATFORM | ||
| MASTG-KNOW-0077 | App Permissions | MASVS-PLATFORM | ||
| MASTG-KNOW-0080 | Universal Links | MASVS-PLATFORM | ||
| MASTG-KNOW-0078 | Inter-Process Communication (IPC) | MASVS-PLATFORM | ||
| MASTG-KNOW-0079 | Custom URL Schemes | MASVS-PLATFORM | ||
| MASTG-KNOW-0082 | App extensions | MASVS-PLATFORM | ||
| MASTG-KNOW-0076 | WebViews | MASVS-PLATFORM | ||
| MASTG-KNOW-0075 | Object Serialization | MASVS-PLATFORM | ||
| MASTG-KNOW-0074 | Enforced Updating | MASVS-PLATFORM | ||
| MASTG-KNOW-0064 | Debugging Code and Error Logging | MASVS-CODE | ||
| MASTG-KNOW-0063 | Debugging Information and Debug Symbols | MASVS-CODE | ||
| MASTG-KNOW-0060 | Memory Corruption Bugs | MASVS-CODE | ||
| MASTG-KNOW-0061 | Binary Protection Mechanisms | MASVS-CODE | ||
| MASTG-KNOW-0059 | Third-Party Libraries | MASVS-CODE | ||
| MASTG-KNOW-0065 | Exception Handling | MASVS-CODE | ||
| MASTG-KNOW-0058 | App Signing | MASVS-CODE | ||
| MASTG-KNOW-0062 | Debuggable Apps | MASVS-CODE | ||
| MASTG-KNOW-0071 | iOS App Transport Security | MASVS-NETWORK | ||
| MASTG-KNOW-0072 | Server Trust Evaluation | MASVS-NETWORK | ||
| MASTG-KNOW-0073 | iOS Network APIs | MASVS-NETWORK | ||
| MASTG-KNOW-0084 | Jailbreak Detection | MASVS-RESILIENCE | ||
| MASTG-KNOW-0087 | Reverse Engineering Tools Detection | MASVS-RESILIENCE | ||
| MASTG-KNOW-0089 | Obfuscation | MASVS-RESILIENCE | ||
| MASTG-KNOW-0090 | Device Binding | MASVS-RESILIENCE | ||
| MASTG-KNOW-0088 | Emulator Detection | MASVS-RESILIENCE | ||
| MASTG-KNOW-0085 | Anti-Debugging Detection | MASVS-RESILIENCE | ||
| MASTG-KNOW-0086 | File Integrity Checks | MASVS-RESILIENCE | ||
| MASTG-KNOW-0056 | Local Authentication Framework | MASVS-AUTH | ||
| MASTG-KNOW-0057 | Keychain Services | MASVS-AUTH | ||
| MASTG-KNOW-0070 | Random Number Generator | MASVS-CRYPTO | ||
| MASTG-KNOW-0068 | Cryptographic Third-Party libraries | MASVS-CRYPTO | ||
| MASTG-KNOW-0067 | CommonCrypto, SecKey and Wrapper libraries | MASVS-CRYPTO | ||
| MASTG-KNOW-0066 | CryptoKit | MASVS-CRYPTO | ||
| MASTG-KNOW-0069 | Key Management | MASVS-CRYPTO |