Mobile Application Security Knowledge Base

The Mobile Application Security Knowledge Base is a collection of knowledge articles that provide detailed information on various aspects of mobile application security. It includes general security concepts, platform-specific features and APIs, as well as detailed explanations and references.

The knowledge base is designed to be a comprehensive resource for security professionals, developers, and testers who are looking to enhance their understanding of mobile application security. From cryptographic practices, data storage techniques, deep links, to network security, the knowledge base covers a wide range of topics relevant to mobile security.

The articles are organized into categories, making it easy to navigate and find specific information. They are also linked to other MASTG components, such as tests, techniques or tools, providing a holistic view of mobile application security practices.

The knowledge base is continuously updated to reflect the latest security trends, best practices, and platform updates. It serves as a valuable resource for anyone involved in mobile application security, whether you are a developer looking to implement secure coding practices, a tester conducting security assessments, or a security professional seeking to stay informed about the latest threats and mitigation strategies.

ID	Name	Platform	Category	Status
MASTG-KNOW-0115	Dynamic Binary Instrumentation	platform:generic	MASVS-RESILIENCEmasvs-resilience	currentstatus:current
MASTG-KNOW-0112	Emulation-based Dynamic Analysis	platform:generic	MASVS-RESILIENCEmasvs-resilience	currentstatus:current
MASTG-KNOW-0113	Using Disassemblers and Decompilers	platform:generic	MASVS-RESILIENCEmasvs-resilience	currentstatus:current
MASTG-KNOW-0111	Obfuscation	platform:generic	MASVS-RESILIENCEmasvs-resilience	currentstatus:current
MASTG-KNOW-0110	Code Injection	platform:generic	MASVS-RESILIENCEmasvs-resilience	currentstatus:current
MASTG-KNOW-0114	Debugging and Tracing	platform:generic	MASVS-RESILIENCEmasvs-resilience	currentstatus:current
MASTG-KNOW-0109	Binary Patching	platform:generic	MASVS-RESILIENCEmasvs-resilience	currentstatus:current
MASTG-KNOW-0116	Symbolic Execution	platform:generic	MASVS-RESILIENCEmasvs-resilience	currentstatus:current
MASTG-KNOW-0067	CommonCrypto, SecKey and Wrapper libraries	platform:ios	MASVS-CRYPTOmasvs-crypto	currentstatus:current
MASTG-KNOW-0069	Key Management	platform:ios	MASVS-CRYPTOmasvs-crypto	currentstatus:current
MASTG-KNOW-0070	Random Number Generator	platform:ios	MASVS-CRYPTOmasvs-crypto	currentstatus:current
MASTG-KNOW-0066	CryptoKit	platform:ios	MASVS-CRYPTOmasvs-crypto	currentstatus:current
MASTG-KNOW-0068	Cryptographic Third-Party libraries	platform:ios	MASVS-CRYPTOmasvs-crypto	currentstatus:current
MASTG-KNOW-0071	iOS App Transport Security	platform:ios	MASVS-NETWORKmasvs-network	currentstatus:current
MASTG-KNOW-0073	iOS Network APIs	platform:ios	MASVS-NETWORKmasvs-network	currentstatus:current
MASTG-KNOW-0072	Server Trust Evaluation	platform:ios	MASVS-NETWORKmasvs-network	currentstatus:current
MASTG-KNOW-0081	UIActivity Sharing	platform:ios	MASVS-PLATFORMmasvs-platform	currentstatus:current
MASTG-KNOW-0078	Inter-Process Communication (IPC)	platform:ios	MASVS-PLATFORMmasvs-platform	currentstatus:current
MASTG-KNOW-0076	WebViews	platform:ios	MASVS-PLATFORMmasvs-platform	currentstatus:current
MASTG-KNOW-0079	Custom URL Schemes	platform:ios	MASVS-PLATFORMmasvs-platform	currentstatus:current
MASTG-KNOW-0075	Object Serialization	platform:ios	MASVS-PLATFORMmasvs-platform	currentstatus:current
MASTG-KNOW-0082	App extensions	platform:ios	MASVS-PLATFORMmasvs-platform	currentstatus:current
MASTG-KNOW-0083	Pasteboard	platform:ios	MASVS-PLATFORMmasvs-platform	currentstatus:current
MASTG-KNOW-0074	Enforced Updating	platform:ios	MASVS-PLATFORMmasvs-platform	currentstatus:current
MASTG-KNOW-0077	App Permissions	platform:ios	MASVS-PLATFORMmasvs-platform	currentstatus:current
MASTG-KNOW-0080	Universal Links	platform:ios	MASVS-PLATFORMmasvs-platform	currentstatus:current
MASTG-KNOW-0057	Keychain Services	platform:ios	MASVS-AUTHmasvs-auth	currentstatus:current
MASTG-KNOW-0056	Local Authentication Framework	platform:ios	MASVS-AUTHmasvs-auth	currentstatus:current
MASTG-KNOW-0103	Process Memory	platform:ios	MASVS-STORAGEmasvs-storage	currentstatus:current
MASTG-KNOW-0094	CoreData	platform:ios	MASVS-STORAGEmasvs-storage	currentstatus:current
MASTG-KNOW-0101	Logs	platform:ios	MASVS-STORAGEmasvs-storage	currentstatus:current
MASTG-KNOW-0104	Inter-Process Communication (IPC) Mechanisms	platform:ios	MASVS-STORAGEmasvs-storage	currentstatus:current
MASTG-KNOW-0093	UserDefaults	platform:ios	MASVS-STORAGEmasvs-storage	currentstatus:current
MASTG-KNOW-0100	Keyboard Cache	platform:ios	MASVS-STORAGEmasvs-storage	currentstatus:current
MASTG-KNOW-0091	File System APIs	platform:ios	MASVS-STORAGEmasvs-storage	currentstatus:current
MASTG-KNOW-0108	App Sandbox Directories	platform:ios	MASVS-STORAGEmasvs-storage	currentstatus:current
MASTG-KNOW-0095	Firebase Real-time Databases	platform:ios	MASVS-STORAGEmasvs-storage	currentstatus:current
MASTG-KNOW-0097	Other Third-Party Databases	platform:ios	MASVS-STORAGEmasvs-storage	currentstatus:current
MASTG-KNOW-0092	Binary Data Storage	platform:ios	MASVS-STORAGEmasvs-storage	currentstatus:current
MASTG-KNOW-0099	Screenshots	platform:ios	MASVS-STORAGEmasvs-storage	currentstatus:current
MASTG-KNOW-0098	User Interface Components	platform:ios	MASVS-STORAGEmasvs-storage	currentstatus:current
MASTG-KNOW-0096	Realm Databases	platform:ios	MASVS-STORAGEmasvs-storage	currentstatus:current
MASTG-KNOW-0102	Backups	platform:ios	MASVS-STORAGEmasvs-storage	currentstatus:current
MASTG-KNOW-0063	Debugging Information and Debug Symbols	platform:ios	MASVS-CODEmasvs-code	currentstatus:current
MASTG-KNOW-0064	Debugging Code and Error Logging	platform:ios	MASVS-CODEmasvs-code	currentstatus:current
MASTG-KNOW-0059	Third-Party Libraries	platform:ios	MASVS-CODEmasvs-code	currentstatus:current
MASTG-KNOW-0060	Memory Corruption Bugs	platform:ios	MASVS-CODEmasvs-code	currentstatus:current
MASTG-KNOW-0061	Binary Protection Mechanisms	platform:ios	MASVS-CODEmasvs-code	currentstatus:current
MASTG-KNOW-0065	Exception Handling	platform:ios	MASVS-CODEmasvs-code	currentstatus:current
MASTG-KNOW-0062	Debuggable Apps	platform:ios	MASVS-CODEmasvs-code	currentstatus:current
MASTG-KNOW-0058	App Signing	platform:ios	MASVS-CODEmasvs-code	currentstatus:current
MASTG-KNOW-0087	Reverse Engineering Tools Detection	platform:ios	MASVS-RESILIENCEmasvs-resilience	currentstatus:current
MASTG-KNOW-0089	Obfuscation	platform:ios	MASVS-RESILIENCEmasvs-resilience	currentstatus:current
MASTG-KNOW-0086	File Integrity Checks	platform:ios	MASVS-RESILIENCEmasvs-resilience	currentstatus:current
MASTG-KNOW-0090	Device Binding	platform:ios	MASVS-RESILIENCEmasvs-resilience	currentstatus:current
MASTG-KNOW-0084	Jailbreak Detection	platform:ios	MASVS-RESILIENCEmasvs-resilience	currentstatus:current
MASTG-KNOW-0085	Anti-Debugging Detection	platform:ios	MASVS-RESILIENCEmasvs-resilience	currentstatus:current
MASTG-KNOW-0088	Emulator Detection	platform:ios	MASVS-RESILIENCEmasvs-resilience	currentstatus:current
MASTG-KNOW-0012	Key Generation	platform:android	MASVS-CRYPTOmasvs-crypto	currentstatus:current
MASTG-KNOW-0011	Security Provider	platform:android	MASVS-CRYPTOmasvs-crypto	currentstatus:current
MASTG-KNOW-0013	Random Number Generation	platform:android	MASVS-CRYPTOmasvs-crypto	currentstatus:current
MASTG-KNOW-0015	Certificate Pinning	platform:android	MASVS-NETWORKmasvs-network	currentstatus:current
MASTG-KNOW-0014	Android Network Security Configuration	platform:android	MASVS-NETWORKmasvs-network	currentstatus:current
MASTG-KNOW-0016	TBD	platform:android	MASVS-NETWORKmasvs-network	placeholderstatus:placeholder
MASTG-KNOW-0025	Implicit Intents	platform:android	MASVS-PLATFORMmasvs-platform	currentstatus:current
MASTG-KNOW-0107	Screenshots and Screen Recording Detection	platform:android	MASVS-PLATFORMmasvs-platform	placeholderstatus:placeholder
MASTG-KNOW-0018	WebViews	platform:android	MASVS-PLATFORMmasvs-platform	currentstatus:current
MASTG-KNOW-0021	Object Serialization	platform:android	MASVS-PLATFORMmasvs-platform	currentstatus:current
MASTG-KNOW-0023	Enforced Updating	platform:android	MASVS-PLATFORMmasvs-platform	currentstatus:current
MASTG-KNOW-0022	Overlay Attacks	platform:android	MASVS-PLATFORMmasvs-platform	currentstatus:current
MASTG-KNOW-0106	App-Initiated Screenshots and Screen Recording	platform:android	MASVS-PLATFORMmasvs-platform	placeholderstatus:placeholder
MASTG-KNOW-0105	User-Initiated Screenshots and Screen Recording	platform:android	MASVS-PLATFORMmasvs-platform	placeholderstatus:placeholder
MASTG-KNOW-0019	Deep Links	platform:android	MASVS-PLATFORMmasvs-platform	currentstatus:current
MASTG-KNOW-0024	Pending Intents	platform:android	MASVS-PLATFORMmasvs-platform	currentstatus:current
MASTG-KNOW-0017	App Permissions	platform:android	MASVS-PLATFORMmasvs-platform	currentstatus:current
MASTG-KNOW-0020	Inter-Process Communication (IPC) Mechanisms	platform:android	MASVS-PLATFORMmasvs-platform	currentstatus:current
MASTG-KNOW-0001	Biometric Authentication	platform:android	MASVS-AUTHmasvs-auth	currentstatus:current
MASTG-KNOW-0002	FingerprintManager	platform:android	MASVS-AUTHmasvs-auth	deprecatedstatus:deprecated
MASTG-KNOW-0039	Firebase Real-time Databases	platform:android	MASVS-STORAGEmasvs-storage	currentstatus:current
MASTG-KNOW-0044	Key Attestation	platform:android	MASVS-STORAGEmasvs-storage	currentstatus:current
MASTG-KNOW-0053	Screenshots	platform:android	MASVS-STORAGEmasvs-storage	currentstatus:current
MASTG-KNOW-0048	KeyChain	platform:android	MASVS-STORAGEmasvs-storage	currentstatus:current
MASTG-KNOW-0040	Realm Databases	platform:android	MASVS-STORAGEmasvs-storage	currentstatus:current
MASTG-KNOW-0054	App Notifications	platform:android	MASVS-STORAGEmasvs-storage	currentstatus:current
MASTG-KNOW-0050	Backups	platform:android	MASVS-STORAGEmasvs-storage	currentstatus:current
MASTG-KNOW-0037	SQLite Database	platform:android	MASVS-STORAGEmasvs-storage	currentstatus:current
MASTG-KNOW-0042	External Storage	platform:android	MASVS-STORAGEmasvs-storage	currentstatus:current
MASTG-KNOW-0038	SQLCipher Database	platform:android	MASVS-STORAGEmasvs-storage	currentstatus:current
MASTG-KNOW-0047	Cryptographic Key Storage	platform:android	MASVS-STORAGEmasvs-storage	currentstatus:current
MASTG-KNOW-0043	Android KeyStore	platform:android	MASVS-STORAGEmasvs-storage	currentstatus:current
MASTG-KNOW-0052	User Interface Components	platform:android	MASVS-STORAGEmasvs-storage	currentstatus:current
MASTG-KNOW-0041	Internal Storage	platform:android	MASVS-STORAGEmasvs-storage	currentstatus:current
MASTG-KNOW-0055	Keyboard Cache	platform:android	MASVS-STORAGEmasvs-storage	currentstatus:current
MASTG-KNOW-0036	Shared Preferences	platform:android	MASVS-STORAGEmasvs-storage	currentstatus:current
MASTG-KNOW-0046	BouncyCastle KeyStore	platform:android	MASVS-STORAGEmasvs-storage	deprecatedstatus:deprecated
MASTG-KNOW-0051	Process Memory	platform:android	MASVS-STORAGEmasvs-storage	currentstatus:current
MASTG-KNOW-0045	Secure Key Import into Keystore	platform:android	MASVS-STORAGEmasvs-storage	currentstatus:current
MASTG-KNOW-0049	Logs	platform:android	MASVS-STORAGEmasvs-storage	currentstatus:current
MASTG-KNOW-0004	Third-Party Libraries	platform:android	MASVS-CODEmasvs-code	currentstatus:current
MASTG-KNOW-0010	Exception Handling	platform:android	MASVS-CODEmasvs-code	currentstatus:current
MASTG-KNOW-0117	Android ContentProvider	platform:android	MASVS-CODEmasvs-code	currentstatus:current
MASTG-KNOW-0008	Debugging Information and Debug Symbols	platform:android	MASVS-CODEmasvs-code	currentstatus:current
MASTG-KNOW-0006	Binary Protection Mechanisms	platform:android	MASVS-CODEmasvs-code	currentstatus:current
MASTG-KNOW-0009	StrictMode	platform:android	MASVS-CODEmasvs-code	currentstatus:current
MASTG-KNOW-0005	Memory Corruption Bugs	platform:android	MASVS-CODEmasvs-code	currentstatus:current
MASTG-KNOW-0026	Third-party Services Embedded in the App	platform:android	MASVS-STORAGEmasvs-storage	currentstatus:current
MASTG-KNOW-0032	Runtime Integrity Verification	platform:android	MASVS-RESILIENCEmasvs-resilience	currentstatus:current
MASTG-KNOW-0033	Obfuscation	platform:android	MASVS-RESILIENCEmasvs-resilience	currentstatus:current
MASTG-KNOW-0031	Emulator Detection	platform:android	MASVS-RESILIENCEmasvs-resilience	currentstatus:current
MASTG-KNOW-0035	Google Play Integrity API	platform:android	MASVS-RESILIENCEmasvs-resilience	currentstatus:current
MASTG-KNOW-0120	Device Attestation	platform:android	MASVS-RESILIENCEmasvs-resilience	placeholderstatus:placeholder
MASTG-KNOW-0030	Detection of Reverse Engineering Tools	platform:android	MASVS-RESILIENCEmasvs-resilience	currentstatus:current
MASTG-KNOW-0003	App Signing	platform:android	MASVS-RESILIENCEmasvs-resilience	currentstatus:current
MASTG-KNOW-0118	Runtime Application Self-Protection (RASP)	platform:android	MASVS-RESILIENCEmasvs-resilience	currentstatus:current
MASTG-KNOW-0034	Device Binding	platform:android	MASVS-RESILIENCEmasvs-resilience	currentstatus:current
MASTG-KNOW-0027	Root Detection	platform:android	MASVS-RESILIENCEmasvs-resilience	currentstatus:current
MASTG-KNOW-0007	Debuggable Apps	platform:android	MASVS-CODEmasvs-code	currentstatus:current
MASTG-KNOW-0119	Key Attestation	platform:android	MASVS-RESILIENCEmasvs-resilience	placeholderstatus:placeholder
MASTG-KNOW-0028	Anti-Debugging	platform:android	MASVS-RESILIENCEmasvs-resilience	currentstatus:current
MASTG-KNOW-0029	File Integrity Checks	platform:android	MASVS-RESILIENCEmasvs-resilience	currentstatus:current