Mobile Application Security Knowledge Base
The Mobile Application Security Knowledge Base is a collection of knowledge articles that provide detailed information on various aspects of mobile application security. It includes general security concepts, platform-specific features and APIs, as well as detailed explanations and references.
The knowledge base is designed to be a comprehensive resource for security professionals, developers, and testers who are looking to enhance their understanding of mobile application security. From cryptographic practices and data storage techniques to deep links and network security, the knowledge base covers a wide range of topics relevant to mobile security.
The articles are organized into categories, making it easy to navigate and find specific information. They are also linked to other MASTG components, such as tests, techniques or tools, providing a holistic view of mobile application security practices.
The knowledge base is continuously updated to reflect the latest security trends, best practices, and platform updates. It serves as a valuable resource for anyone involved in mobile application security, whether you are a developer looking to implement secure coding practices, a tester conducting security assessments, or a security professional seeking to stay informed about the latest threats and mitigation strategies.
| ID | Name | Category | Platform | Status |
|---|---|---|---|---|
| MASTG-KNOW-0020 | Inter-Process Communication (IPC) Mechanisms | MASVS-PLATFORM | ||
| MASTG-KNOW-0107 | Screenshots and Screen Recording Detection | MASVS-PLATFORM | ||
| MASTG-KNOW-0018 | WebViews | MASVS-PLATFORM | ||
| MASTG-KNOW-0021 | Object Serialization | MASVS-PLATFORM | ||
| MASTG-KNOW-0024 | Pending Intents | MASVS-PLATFORM | ||
| MASTG-KNOW-0025 | Implicit Intents | MASVS-PLATFORM | ||
| MASTG-KNOW-0023 | Enforced Updating | MASVS-PLATFORM | ||
| MASTG-KNOW-0022 | Overlay Attacks | MASVS-PLATFORM | ||
| MASTG-KNOW-0017 | App Permissions | MASVS-PLATFORM | ||
| MASTG-KNOW-0019 | Deep Links | MASVS-PLATFORM | ||
| MASTG-KNOW-0105 | User-Initiated Screenshots and Screen Recording | MASVS-PLATFORM | ||
| MASTG-KNOW-0106 | App-Initiated Screenshots and Screen Recording | MASVS-PLATFORM | ||
| MASTG-KNOW-0026 | Third-party Services Embedded in the App | MASVS-STORAGE | ||
| MASTG-KNOW-0034 | Device Binding | MASVS-RESILIENCE | ||
| MASTG-KNOW-0032 | Runtime Integrity Verification | MASVS-RESILIENCE | ||
| MASTG-KNOW-0028 | Anti-Debugging | MASVS-RESILIENCE | ||
| MASTG-KNOW-0029 | File Integrity Checks | MASVS-RESILIENCE | ||
| MASTG-KNOW-0035 | Google Play Integrity API | MASVS-RESILIENCE | ||
| MASTG-KNOW-0003 | App Signing | MASVS-RESILIENCE | ||
| MASTG-KNOW-0033 | Obfuscation | MASVS-RESILIENCE | ||
| MASTG-KNOW-0027 | Root Detection | MASVS-RESILIENCE | ||
| MASTG-KNOW-0007 | Debuggable Apps | MASVS-CODE | ||
| MASTG-KNOW-0030 | Detection of Reverse Engineering Tools | MASVS-RESILIENCE | ||
| MASTG-KNOW-0031 | Emulator Detection | MASVS-RESILIENCE | ||
| MASTG-KNOW-0002 | FingerprintManager | MASVS-AUTH | ||
| MASTG-KNOW-0001 | Biometric Authentication | MASVS-AUTH | ||
| MASTG-KNOW-0015 | Certificate Pinning | MASVS-NETWORK | ||
| MASTG-KNOW-0016 | TBD | MASVS-NETWORK | ||
| MASTG-KNOW-0014 | Android Network Security Configuration | MASVS-NETWORK | ||
| MASTG-KNOW-0009 | StrictMode | MASVS-CODE | ||
| MASTG-KNOW-0010 | Exception Handling | MASVS-CODE | ||
| MASTG-KNOW-0008 | Debugging Information and Debug Symbols | MASVS-CODE | ||
| MASTG-KNOW-0006 | Binary Protection Mechanisms | MASVS-CODE | ||
| MASTG-KNOW-0005 | Memory Corruption Bugs | MASVS-CODE | ||
| MASTG-KNOW-0004 | Third-Party Libraries | MASVS-CODE | ||
| MASTG-KNOW-0040 | Realm Databases | MASVS-STORAGE | ||
| MASTG-KNOW-0038 | SQLCipher Database | MASVS-STORAGE | ||
| MASTG-KNOW-0047 | Cryptographic Key Storage | MASVS-STORAGE | ||
| MASTG-KNOW-0048 | KeyChain | MASVS-STORAGE | ||
| MASTG-KNOW-0044 | Key Attestation | MASVS-STORAGE | ||
| MASTG-KNOW-0050 | Backups | MASVS-STORAGE | ||
| MASTG-KNOW-0055 | Keyboard Cache | MASVS-STORAGE | ||
| MASTG-KNOW-0051 | Process Memory | MASVS-STORAGE | ||
| MASTG-KNOW-0037 | SQLite Database | MASVS-STORAGE | ||
| MASTG-KNOW-0053 | Screenshots | MASVS-STORAGE | ||
| MASTG-KNOW-0042 | External Storage | MASVS-STORAGE | ||
| MASTG-KNOW-0046 | BouncyCastle KeyStore | MASVS-STORAGE | ||
| MASTG-KNOW-0041 | Internal Storage | MASVS-STORAGE | ||
| MASTG-KNOW-0045 | Secure Key Import into Keystore | MASVS-STORAGE | ||
| MASTG-KNOW-0049 | Logs | MASVS-STORAGE | ||
| MASTG-KNOW-0052 | User Interface Components | MASVS-STORAGE | ||
| MASTG-KNOW-0036 | Shared Preferences | MASVS-STORAGE | ||
| MASTG-KNOW-0043 | Android KeyStore | MASVS-STORAGE | ||
| MASTG-KNOW-0039 | Firebase Real-time Databases | MASVS-STORAGE | ||
| MASTG-KNOW-0054 | App Notifications | MASVS-STORAGE | ||
| MASTG-KNOW-0013 | Random Number Generation | MASVS-CRYPTO | ||
| MASTG-KNOW-0011 | Security Provider | MASVS-CRYPTO | ||
| MASTG-KNOW-0012 | Key Generation | MASVS-CRYPTO | ||
| MASTG-KNOW-0075 | Object Serialization | MASVS-PLATFORM | ||
| MASTG-KNOW-0079 | Custom URL Schemes | MASVS-PLATFORM | ||
| MASTG-KNOW-0076 | WebViews | MASVS-PLATFORM | ||
| MASTG-KNOW-0080 | Universal Links | MASVS-PLATFORM | ||
| MASTG-KNOW-0078 | Inter-Process Communication (IPC) | MASVS-PLATFORM | ||
| MASTG-KNOW-0081 | UIActivity Sharing | MASVS-PLATFORM | ||
| MASTG-KNOW-0082 | App extensions | MASVS-PLATFORM | ||
| MASTG-KNOW-0074 | Enforced Updating | MASVS-PLATFORM | ||
| MASTG-KNOW-0077 | App Permissions | MASVS-PLATFORM | ||
| MASTG-KNOW-0083 | Pasteboard | MASVS-PLATFORM | ||
| MASTG-KNOW-0089 | Obfuscation | MASVS-RESILIENCE | ||
| MASTG-KNOW-0086 | File Integrity Checks | MASVS-RESILIENCE | ||
| MASTG-KNOW-0088 | Emulator Detection | MASVS-RESILIENCE | ||
| MASTG-KNOW-0085 | Anti-Debugging Detection | MASVS-RESILIENCE | ||
| MASTG-KNOW-0084 | Jailbreak Detection | MASVS-RESILIENCE | ||
| MASTG-KNOW-0087 | Reverse Engineering Tools Detection | MASVS-RESILIENCE | ||
| MASTG-KNOW-0090 | Device Binding | MASVS-RESILIENCE | ||
| MASTG-KNOW-0056 | Local Authentication Framework | MASVS-AUTH | ||
| MASTG-KNOW-0057 | Keychain Services | MASVS-AUTH | ||
| MASTG-KNOW-0071 | iOS App Transport Security | MASVS-NETWORK | ||
| MASTG-KNOW-0073 | iOS Network APIs | MASVS-NETWORK | ||
| MASTG-KNOW-0072 | Server Trust Evaluation | MASVS-NETWORK | ||
| MASTG-KNOW-0061 | Binary Protection Mechanisms | MASVS-CODE | ||
| MASTG-KNOW-0062 | Debuggable Apps | MASVS-CODE | ||
| MASTG-KNOW-0064 | Debugging Code and Error Logging | MASVS-CODE | ||
| MASTG-KNOW-0065 | Exception Handling | MASVS-CODE | ||
| MASTG-KNOW-0059 | Third-Party Libraries | MASVS-CODE | ||
| MASTG-KNOW-0063 | Debugging Information and Debug Symbols | MASVS-CODE | ||
| MASTG-KNOW-0060 | Memory Corruption Bugs | MASVS-CODE | ||
| MASTG-KNOW-0058 | App Signing | MASVS-CODE | ||
| MASTG-KNOW-0099 | Screenshots | MASVS-STORAGE | ||
| MASTG-KNOW-0097 | Other Third-Party Databases | MASVS-STORAGE | ||
| MASTG-KNOW-0098 | User Interface Components | MASVS-STORAGE | ||
| MASTG-KNOW-0100 | Keyboard Cache | MASVS-STORAGE | ||
| MASTG-KNOW-0103 | Process Memory | MASVS-STORAGE | ||
| MASTG-KNOW-0092 | Binary Data Storage | MASVS-STORAGE | ||
| MASTG-KNOW-0108 | App Sandbox Directories | MASVS-STORAGE | ||
| MASTG-KNOW-0102 | Backups | MASVS-STORAGE | ||
| MASTG-KNOW-0091 | File System APIs | MASVS-STORAGE | ||
| MASTG-KNOW-0096 | Realm Databases | MASVS-STORAGE | ||
| MASTG-KNOW-0093 | UserDefaults | MASVS-STORAGE | ||
| MASTG-KNOW-0104 | Inter-Process Communication (IPC) Mechanisms | MASVS-STORAGE | ||
| MASTG-KNOW-0094 | CoreData | MASVS-STORAGE | ||
| MASTG-KNOW-0095 | Firebase Real-time Databases | MASVS-STORAGE | ||
| MASTG-KNOW-0101 | Logs | MASVS-STORAGE | ||
| MASTG-KNOW-0067 | CommonCrypto, SecKey and Wrapper libraries | MASVS-CRYPTO | ||
| MASTG-KNOW-0068 | Cryptographic Third-Party libraries | MASVS-CRYPTO | ||
| MASTG-KNOW-0066 | CryptoKit | MASVS-CRYPTO | ||
| MASTG-KNOW-0070 | Random Number Generator | MASVS-CRYPTO | ||
| MASTG-KNOW-0069 | Key Management | MASVS-CRYPTO | ||
| MASTG-KNOW-0110 | Code Injection | MASVS-RESILIENCE | ||
| MASTG-KNOW-0114 | Debugging and Tracing | MASVS-RESILIENCE | ||
| MASTG-KNOW-0112 | Emulation-based Dynamic Analysis | MASVS-RESILIENCE | ||
| MASTG-KNOW-0116 | Symbolic Execution | MASVS-RESILIENCE | ||
| MASTG-KNOW-0115 | Dynamic Binary Instrumentation | MASVS-RESILIENCE | ||
| MASTG-KNOW-0111 | Obfuscation | MASVS-RESILIENCE | ||
| MASTG-KNOW-0109 | Binary Patching | MASVS-RESILIENCE | ||
| MASTG-KNOW-0113 | Using Disassemblers and Decompilers | MASVS-RESILIENCE | ||