Mobile Application Security Knowledge Base
The Mobile Application Security Knowledge Base is a collection of knowledge articles that provide detailed information on various aspects of mobile application security. It includes general security concepts, platform-specific features and APIs, as well as detailed explanations and references.
The knowledge base is designed to be a comprehensive resource for security professionals, developers, and testers who are looking to enhance their understanding of mobile application security. From cryptographic practices and data storage techniques to deep links and network security, the knowledge base covers a wide range of topics relevant to mobile security.
The articles are organized into categories, making it easy to navigate and find specific information. They are also linked to other MASTG components, such as tests, techniques or tools, providing a holistic view of mobile application security practices.
The knowledge base is continuously updated to reflect the latest security trends, best practices, and platform updates. It serves as a valuable resource for anyone involved in mobile application security, whether you are a developer looking to implement secure coding practices, a tester conducting security assessments, or a security professional seeking to stay informed about the latest threats and mitigation strategies.
| ID | Name | Category | Platform | Status |
|---|---|---|---|---|
| MASTG-KNOW-0116 | Symbolic Execution | MASVS-RESILIENCE | ||
| MASTG-KNOW-0112 | Emulation-based Dynamic Analysis | MASVS-RESILIENCE | ||
| MASTG-KNOW-0110 | Code Injection | MASVS-RESILIENCE | ||
| MASTG-KNOW-0109 | Binary Patching | MASVS-RESILIENCE | ||
| MASTG-KNOW-0113 | Using Disassemblers and Decompilers | MASVS-RESILIENCE | ||
| MASTG-KNOW-0114 | Debugging and Tracing | MASVS-RESILIENCE | ||
| MASTG-KNOW-0115 | Dynamic Binary Instrumentation | MASVS-RESILIENCE | ||
| MASTG-KNOW-0111 | Obfuscation | MASVS-RESILIENCE | ||
| MASTG-KNOW-0089 | Obfuscation | MASVS-RESILIENCE | ||
| MASTG-KNOW-0090 | Device Binding | MASVS-RESILIENCE | ||
| MASTG-KNOW-0084 | Jailbreak Detection | MASVS-RESILIENCE | ||
| MASTG-KNOW-0086 | File Integrity Checks | MASVS-RESILIENCE | ||
| MASTG-KNOW-0088 | Emulator Detection | MASVS-RESILIENCE | ||
| MASTG-KNOW-0085 | Anti-Debugging Detection | MASVS-RESILIENCE | ||
| MASTG-KNOW-0087 | Reverse Engineering Tools Detection | MASVS-RESILIENCE | ||
| MASTG-KNOW-0097 | Other Third-Party Databases | MASVS-STORAGE | ||
| MASTG-KNOW-0100 | Keyboard Cache | MASVS-STORAGE | ||
| MASTG-KNOW-0093 | UserDefaults | MASVS-STORAGE | ||
| MASTG-KNOW-0103 | Process Memory | MASVS-STORAGE | ||
| MASTG-KNOW-0096 | Realm Databases | MASVS-STORAGE | ||
| MASTG-KNOW-0102 | Backups | MASVS-STORAGE | ||
| MASTG-KNOW-0101 | Logs | MASVS-STORAGE | ||
| MASTG-KNOW-0108 | App Sandbox Directories | MASVS-STORAGE | ||
| MASTG-KNOW-0091 | File System APIs | MASVS-STORAGE | ||
| MASTG-KNOW-0092 | Binary Data Storage | MASVS-STORAGE | ||
| MASTG-KNOW-0099 | Screenshots | MASVS-STORAGE | ||
| MASTG-KNOW-0095 | Firebase Real-time Databases | MASVS-STORAGE | ||
| MASTG-KNOW-0104 | Inter-Process Communication (IPC) Mechanisms | MASVS-STORAGE | ||
| MASTG-KNOW-0094 | CoreData | MASVS-STORAGE | ||
| MASTG-KNOW-0098 | User Interface Components | MASVS-STORAGE | ||
| MASTG-KNOW-0070 | Random Number Generator | MASVS-CRYPTO | ||
| MASTG-KNOW-0069 | Key Management | MASVS-CRYPTO | ||
| MASTG-KNOW-0068 | Cryptographic Third-Party libraries | MASVS-CRYPTO | ||
| MASTG-KNOW-0067 | CommonCrypto, SecKey and Wrapper libraries | MASVS-CRYPTO | ||
| MASTG-KNOW-0066 | CryptoKit | MASVS-CRYPTO | ||
| MASTG-KNOW-0056 | Local Authentication Framework | MASVS-AUTH | ||
| MASTG-KNOW-0057 | Keychain Services | MASVS-AUTH | ||
| MASTG-KNOW-0073 | iOS Network APIs | MASVS-NETWORK | ||
| MASTG-KNOW-0072 | Server Trust Evaluation | MASVS-NETWORK | ||
| MASTG-KNOW-0071 | iOS App Transport Security | MASVS-NETWORK | ||
| MASTG-KNOW-0074 | Enforced Updating | MASVS-PLATFORM | ||
| MASTG-KNOW-0077 | App Permissions | MASVS-PLATFORM | ||
| MASTG-KNOW-0082 | App extensions | MASVS-PLATFORM | ||
| MASTG-KNOW-0081 | UIActivity Sharing | MASVS-PLATFORM | ||
| MASTG-KNOW-0079 | Custom URL Schemes | MASVS-PLATFORM | ||
| MASTG-KNOW-0083 | Pasteboard | MASVS-PLATFORM | ||
| MASTG-KNOW-0076 | WebViews | MASVS-PLATFORM | ||
| MASTG-KNOW-0075 | Object Serialization | MASVS-PLATFORM | ||
| MASTG-KNOW-0078 | Inter-Process Communication (IPC) | MASVS-PLATFORM | ||
| MASTG-KNOW-0080 | Universal Links | MASVS-PLATFORM | ||
| MASTG-KNOW-0063 | Debugging Information and Debug Symbols | MASVS-CODE | ||
| MASTG-KNOW-0058 | App Signing | MASVS-CODE | ||
| MASTG-KNOW-0060 | Memory Corruption Bugs | MASVS-CODE | ||
| MASTG-KNOW-0064 | Debugging Code and Error Logging | MASVS-CODE | ||
| MASTG-KNOW-0061 | Binary Protection Mechanisms | MASVS-CODE | ||
| MASTG-KNOW-0059 | Third-Party Libraries | MASVS-CODE | ||
| MASTG-KNOW-0065 | Exception Handling | MASVS-CODE | ||
| MASTG-KNOW-0062 | Debuggable Apps | MASVS-CODE | ||
| MASTG-KNOW-0029 | File Integrity Checks | MASVS-RESILIENCE | ||
| MASTG-KNOW-0028 | Anti-Debugging | MASVS-RESILIENCE | ||
| MASTG-KNOW-0033 | Obfuscation | MASVS-RESILIENCE | ||
| MASTG-KNOW-0007 | Debuggable Apps | MASVS-CODE | ||
| MASTG-KNOW-0034 | Device Binding | MASVS-RESILIENCE | ||
| MASTG-KNOW-0031 | Emulator Detection | MASVS-RESILIENCE | ||
| MASTG-KNOW-0035 | Google Play Integrity API | MASVS-RESILIENCE | ||
| MASTG-KNOW-0032 | Runtime Integrity Verification | MASVS-RESILIENCE | ||
| MASTG-KNOW-0027 | Root Detection | MASVS-RESILIENCE | ||
| MASTG-KNOW-0003 | App Signing | MASVS-RESILIENCE | ||
| MASTG-KNOW-0030 | Detection of Reverse Engineering Tools | MASVS-RESILIENCE | ||
| MASTG-KNOW-0038 | SQLCipher Database | MASVS-STORAGE | ||
| MASTG-KNOW-0043 | Android KeyStore | MASVS-STORAGE | ||
| MASTG-KNOW-0051 | Process Memory | MASVS-STORAGE | ||
| MASTG-KNOW-0047 | Cryptographic Key Storage | MASVS-STORAGE | ||
| MASTG-KNOW-0055 | Keyboard Cache | MASVS-STORAGE | ||
| MASTG-KNOW-0042 | External Storage | MASVS-STORAGE | ||
| MASTG-KNOW-0049 | Logs | MASVS-STORAGE | ||
| MASTG-KNOW-0044 | Key Attestation | MASVS-STORAGE | ||
| MASTG-KNOW-0054 | App Notifications | MASVS-STORAGE | ||
| MASTG-KNOW-0036 | Shared Preferences | MASVS-STORAGE | ||
| MASTG-KNOW-0045 | Secure Key Import into Keystore | MASVS-STORAGE | ||
| MASTG-KNOW-0040 | Realm Databases | MASVS-STORAGE | ||
| MASTG-KNOW-0048 | KeyChain | MASVS-STORAGE | ||
| MASTG-KNOW-0050 | Backups | MASVS-STORAGE | ||
| MASTG-KNOW-0052 | User Interface Components | MASVS-STORAGE | ||
| MASTG-KNOW-0053 | Screenshots | MASVS-STORAGE | ||
| MASTG-KNOW-0046 | BouncyCastle KeyStore | MASVS-STORAGE | ||
| MASTG-KNOW-0037 | SQLite Database | MASVS-STORAGE | ||
| MASTG-KNOW-0041 | Internal Storage | MASVS-STORAGE | ||
| MASTG-KNOW-0039 | Firebase Real-time Databases | MASVS-STORAGE | ||
| MASTG-KNOW-0011 | Security Provider | MASVS-CRYPTO | ||
| MASTG-KNOW-0013 | Random Number Generation | MASVS-CRYPTO | ||
| MASTG-KNOW-0012 | Key Generation | MASVS-CRYPTO | ||
| MASTG-KNOW-0001 | Biometric Authentication | MASVS-AUTH | ||
| MASTG-KNOW-0002 | FingerprintManager | MASVS-AUTH | ||
| MASTG-KNOW-0016 | TBD | MASVS-NETWORK | ||
| MASTG-KNOW-0014 | Android Network Security Configuration | MASVS-NETWORK | ||
| MASTG-KNOW-0015 | Certificate Pinning | MASVS-NETWORK | ||
| MASTG-KNOW-0024 | Pending Intents | MASVS-PLATFORM | ||
| MASTG-KNOW-0025 | Implicit Intents | MASVS-PLATFORM | ||
| MASTG-KNOW-0023 | Enforced Updating | MASVS-PLATFORM | ||
| MASTG-KNOW-0017 | App Permissions | MASVS-PLATFORM | ||
| MASTG-KNOW-0107 | Screenshots and Screen Recording Detection | MASVS-PLATFORM | ||
| MASTG-KNOW-0018 | WebViews | MASVS-PLATFORM | ||
| MASTG-KNOW-0105 | User-Initiated Screenshots and Screen Recording | MASVS-PLATFORM | ||
| MASTG-KNOW-0020 | Inter-Process Communication (IPC) Mechanisms | MASVS-PLATFORM | ||
| MASTG-KNOW-0019 | Deep Links | MASVS-PLATFORM | ||
| MASTG-KNOW-0106 | App-Initiated Screenshots and Screen Recording | MASVS-PLATFORM | ||
| MASTG-KNOW-0021 | Object Serialization | MASVS-PLATFORM | ||
| MASTG-KNOW-0022 | Overlay Attacks | MASVS-PLATFORM | ||
| MASTG-KNOW-0026 | Third-party Services Embedded in the App | MASVS-STORAGE | ||
| MASTG-KNOW-0009 | StrictMode | MASVS-CODE | ||
| MASTG-KNOW-0005 | Memory Corruption Bugs | MASVS-CODE | ||
| MASTG-KNOW-0117 | Android ContentProvider | MASVS-CODE | ||
| MASTG-KNOW-0004 | Third-Party Libraries | MASVS-CODE | ||
| MASTG-KNOW-0006 | Binary Protection Mechanisms | MASVS-CODE | ||
| MASTG-KNOW-0010 | Exception Handling | MASVS-CODE | ||
| MASTG-KNOW-0008 | Debugging Information and Debug Symbols | MASVS-CODE | ||