Mobile Application Security Knowledge Base
The Mobile Application Security Knowledge Base is a collection of knowledge articles that provide detailed information on various aspects of mobile application security. It includes general security concepts, platform-specific features and APIs, as well as detailed explanations and references.
The knowledge base is designed to be a comprehensive resource for security professionals, developers, and testers who are looking to enhance their understanding of mobile application security. From cryptographic practices and data storage techniques to deep links and network security, the knowledge base covers a wide range of topics relevant to mobile security.
The articles are organized into categories, making it easy to navigate and find specific information. They are also linked to other MASTG components, such as tests, techniques or tools, providing a holistic view of mobile application security practices.
The knowledge base is continuously updated to reflect the latest security trends, best practices, and platform updates. It serves as a valuable resource for anyone involved in mobile application security, whether you are a developer looking to implement secure coding practices, a tester conducting security assessments, or a security professional seeking to stay informed about the latest threats and mitigation strategies.
| ID | Name | Category | Platform | Status |
|---|---|---|---|---|
| MASTG-KNOW-0001 | Biometric Authentication | MASVS-AUTH | ||
| MASTG-KNOW-0002 | FingerprintManager | MASVS-AUTH | ||
| MASTG-KNOW-0029 | File Integrity Checks | MASVS-RESILIENCE | ||
| MASTG-KNOW-0034 | Device Binding | MASVS-RESILIENCE | ||
| MASTG-KNOW-0031 | Emulator Detection | MASVS-RESILIENCE | ||
| MASTG-KNOW-0033 | Obfuscation | MASVS-RESILIENCE | ||
| MASTG-KNOW-0119 | Key Attestation | MASVS-RESILIENCE | ||
| MASTG-KNOW-0035 | Google Play Integrity API | MASVS-RESILIENCE | ||
| MASTG-KNOW-0118 | Runtime Application Self-Protection (RASP) | MASVS-RESILIENCE | ||
| MASTG-KNOW-0007 | Debuggable Apps | MASVS-CODE | ||
| MASTG-KNOW-0028 | Anti-Debugging | MASVS-RESILIENCE | ||
| MASTG-KNOW-0120 | Device Attestation | MASVS-RESILIENCE | ||
| MASTG-KNOW-0027 | Root Detection | MASVS-RESILIENCE | ||
| MASTG-KNOW-0032 | Runtime Integrity Verification | MASVS-RESILIENCE | ||
| MASTG-KNOW-0003 | App Signing | MASVS-RESILIENCE | ||
| MASTG-KNOW-0030 | Reverse Engineering Tool Detection | MASVS-RESILIENCE | ||
| MASTG-KNOW-0026 | Third-party Services Embedded in the App | MASVS-STORAGE | ||
| MASTG-KNOW-0013 | Random Number Generation | MASVS-CRYPTO | ||
| MASTG-KNOW-0011 | Security Provider | MASVS-CRYPTO | ||
| MASTG-KNOW-0012 | Key Generation | MASVS-CRYPTO | ||
| MASTG-KNOW-0039 | Firebase Real-time Databases | MASVS-STORAGE | ||
| MASTG-KNOW-0043 | Android KeyStore | MASVS-STORAGE | ||
| MASTG-KNOW-0054 | App Notifications | MASVS-STORAGE | ||
| MASTG-KNOW-0042 | External Storage | MASVS-STORAGE | ||
| MASTG-KNOW-0047 | Cryptographic Key Storage | MASVS-STORAGE | ||
| MASTG-KNOW-0036 | Shared Preferences | MASVS-STORAGE | ||
| MASTG-KNOW-0041 | Internal Storage | MASVS-STORAGE | ||
| MASTG-KNOW-0038 | SQLCipher Database | MASVS-STORAGE | ||
| MASTG-KNOW-0049 | Logs | MASVS-STORAGE | ||
| MASTG-KNOW-0045 | Secure Key Import into Keystore | MASVS-STORAGE | ||
| MASTG-KNOW-0044 | Key Attestation | MASVS-STORAGE | ||
| MASTG-KNOW-0051 | Process Memory | MASVS-STORAGE | ||
| MASTG-KNOW-0037 | SQLite Database | MASVS-STORAGE | ||
| MASTG-KNOW-0040 | Realm Databases | MASVS-STORAGE | ||
| MASTG-KNOW-0050 | Backups | MASVS-STORAGE | ||
| MASTG-KNOW-0055 | Keyboard Cache | MASVS-STORAGE | ||
| MASTG-KNOW-0048 | KeyChain | MASVS-STORAGE | ||
| MASTG-KNOW-0046 | BouncyCastle KeyStore | MASVS-STORAGE | ||
| MASTG-KNOW-0052 | User Interface Components | MASVS-STORAGE | ||
| MASTG-KNOW-0053 | Screenshots | MASVS-STORAGE | ||
| MASTG-KNOW-0008 | Debugging Information and Debug Symbols | MASVS-CODE | ||
| MASTG-KNOW-0010 | Exception Handling | MASVS-CODE | ||
| MASTG-KNOW-0138 | URI Schemes in Android Intent Results | MASVS-CODE | ||
| MASTG-KNOW-0006 | Binary Protection Mechanisms | MASVS-CODE | ||
| MASTG-KNOW-0117 | Android ContentProvider | MASVS-CODE | ||
| MASTG-KNOW-0005 | Memory Corruption Bugs | MASVS-CODE | ||
| MASTG-KNOW-0004 | Third-Party Libraries | MASVS-CODE | ||
| MASTG-KNOW-0009 | StrictMode | MASVS-CODE | ||
| MASTG-KNOW-0021 | Object Serialization | MASVS-PLATFORM | ||
| MASTG-KNOW-0018 | WebViews | MASVS-PLATFORM | ||
| MASTG-KNOW-0107 | Screenshots and Screen Recording Detection | MASVS-PLATFORM | ||
| MASTG-KNOW-0132 | Android Activities | MASVS-PLATFORM | ||
| MASTG-KNOW-0133 | Android Services | MASVS-PLATFORM | ||
| MASTG-KNOW-0023 | Enforced Updating | MASVS-PLATFORM | ||
| MASTG-KNOW-0106 | App-Initiated Screenshots and Screen Recording | MASVS-PLATFORM | ||
| MASTG-KNOW-0019 | Deep Links | MASVS-PLATFORM | ||
| MASTG-KNOW-0025 | Explicit vs Implicit Intents | MASVS-PLATFORM | ||
| MASTG-KNOW-0017 | App Permissions | MASVS-PLATFORM | ||
| MASTG-KNOW-0134 | Android Broadcast Receivers | MASVS-PLATFORM | ||
| MASTG-KNOW-0105 | User-Initiated Screenshots and Screen Recording | MASVS-PLATFORM | ||
| MASTG-KNOW-0022 | Overlay Attacks | MASVS-PLATFORM | ||
| MASTG-KNOW-0024 | Pending Intents | MASVS-PLATFORM | ||
| MASTG-KNOW-0020 | Inter-Process Communication (IPC) Mechanisms | MASVS-PLATFORM | ||
| MASTG-KNOW-0016 | TBD | MASVS-NETWORK | ||
| MASTG-KNOW-0015 | Certificate Pinning | MASVS-NETWORK | ||
| MASTG-KNOW-0014 | Android Network Security Configuration | MASVS-NETWORK | ||
| MASTG-KNOW-0057 | Keychain Services | MASVS-AUTH | ||
| MASTG-KNOW-0056 | Local Authentication Framework | MASVS-AUTH | ||
| MASTG-KNOW-0140 | Source Code Integrity Checks | MASVS-RESILIENCE | ||
| MASTG-KNOW-0088 | iOS Simulator Detection | MASVS-RESILIENCE | ||
| MASTG-KNOW-0085 | Anti-Debugging Detection | MASVS-RESILIENCE | ||
| MASTG-KNOW-0090 | Device Binding | MASVS-RESILIENCE | ||
| MASTG-KNOW-0135 | Virtual Devices Detection | MASVS-RESILIENCE | ||
| MASTG-KNOW-0136 | iOS Apps Running on macOS Detection | MASVS-RESILIENCE | ||
| MASTG-KNOW-0084 | Jailbreak Detection | MASVS-RESILIENCE | ||
| MASTG-KNOW-0086 | Storage Integrity Checks | MASVS-RESILIENCE | ||
| MASTG-KNOW-0087 | Reverse Engineering Tools Detection | MASVS-RESILIENCE | ||
| MASTG-KNOW-0089 | Obfuscation | MASVS-RESILIENCE | ||
| MASTG-KNOW-0068 | Cryptographic Third-Party libraries | MASVS-CRYPTO | ||
| MASTG-KNOW-0066 | CryptoKit | MASVS-CRYPTO | ||
| MASTG-KNOW-0070 | Random Number Generator | MASVS-CRYPTO | ||
| MASTG-KNOW-0069 | Key Management | MASVS-CRYPTO | ||
| MASTG-KNOW-0067 | CommonCrypto, SecKey and Wrapper libraries | MASVS-CRYPTO | ||
| MASTG-KNOW-0096 | Realm Databases | MASVS-STORAGE | ||
| MASTG-KNOW-0098 | User Interface Components | MASVS-STORAGE | ||
| MASTG-KNOW-0103 | Process Memory | MASVS-STORAGE | ||
| MASTG-KNOW-0101 | Logs | MASVS-STORAGE | ||
| MASTG-KNOW-0108 | App Sandbox Directories | MASVS-STORAGE | ||
| MASTG-KNOW-0099 | Screenshots | MASVS-STORAGE | ||
| MASTG-KNOW-0093 | UserDefaults | MASVS-STORAGE | ||
| MASTG-KNOW-0097 | Other Third-Party Databases | MASVS-STORAGE | ||
| MASTG-KNOW-0102 | Backups | MASVS-STORAGE | ||
| MASTG-KNOW-0094 | CoreData | MASVS-STORAGE | ||
| MASTG-KNOW-0092 | Binary Data Storage | MASVS-STORAGE | ||
| MASTG-KNOW-0091 | File System APIs | MASVS-STORAGE | ||
| MASTG-KNOW-0095 | Firebase Real-time Databases | MASVS-STORAGE | ||
| MASTG-KNOW-0100 | Keyboard Cache | MASVS-STORAGE | ||
| MASTG-KNOW-0065 | Exception Handling | MASVS-CODE | ||
| MASTG-KNOW-0059 | Third-Party Libraries | MASVS-CODE | ||
| MASTG-KNOW-0063 | Debugging Information and Debug Symbols | MASVS-CODE | ||
| MASTG-KNOW-0060 | Memory Corruption Bugs | MASVS-CODE | ||
| MASTG-KNOW-0062 | Debuggable Apps | MASVS-CODE | ||
| MASTG-KNOW-0064 | Non-Production Resources | MASVS-CODE | ||
| MASTG-KNOW-0058 | App Signing | MASVS-CODE | ||
| MASTG-KNOW-0061 | Binary Protection Mechanisms | MASVS-CODE | ||
| MASTG-KNOW-0130 | Core Bluetooth | MASVS-PLATFORM | ||
| MASTG-KNOW-0083 | Pasteboard | MASVS-PLATFORM | ||
| MASTG-KNOW-0124 | SiriKit and Siri Shortcuts | MASVS-PLATFORM | ||
| MASTG-KNOW-0129 | App Intents and AI Agent Exposure | MASVS-PLATFORM | ||
| MASTG-KNOW-0104 | Low-Level System IPC Mechanisms | MASVS-PLATFORM | ||
| MASTG-KNOW-0126 | Keychain Access Groups | MASVS-PLATFORM | ||
| MASTG-KNOW-0078 | Inter-Process Communication (IPC) | MASVS-PLATFORM | ||
| MASTG-KNOW-0079 | Custom URL Schemes | MASVS-PLATFORM | ||
| MASTG-KNOW-0128 | Bonjour | MASVS-PLATFORM | ||
| MASTG-KNOW-0075 | Object Serialization | MASVS-PLATFORM | ||
| MASTG-KNOW-0082 | App Extensions | MASVS-PLATFORM | ||
| MASTG-KNOW-0141 | Custom Keyboards | MASVS-PLATFORM | ||
| MASTG-KNOW-0121 | Text Input Field Masking in iOS | MASVS-PLATFORM | ||
| MASTG-KNOW-0074 | Enforced Updating | MASVS-PLATFORM | ||
| MASTG-KNOW-0080 | Universal Links | MASVS-PLATFORM | ||
| MASTG-KNOW-0125 | App Groups | MASVS-PLATFORM | ||
| MASTG-KNOW-0077 | App Permissions | MASVS-PLATFORM | ||
| MASTG-KNOW-0081 | UIActivity Sharing | MASVS-PLATFORM | ||
| MASTG-KNOW-0127 | File Coordination APIs | MASVS-PLATFORM | ||
| MASTG-KNOW-0122 | Document Picker, Document Interaction, and Open in Place | MASVS-PLATFORM | ||
| MASTG-KNOW-0139 | WKContentWorld | MASVS-PLATFORM | ||
| MASTG-KNOW-0131 | Core NFC | MASVS-PLATFORM | ||
| MASTG-KNOW-0076 | WebViews | MASVS-PLATFORM | ||
| MASTG-KNOW-0123 | Handoff | MASVS-PLATFORM | ||
| MASTG-KNOW-0071 | iOS App Transport Security | MASVS-NETWORK | ||
| MASTG-KNOW-0072 | Server Trust Evaluation | MASVS-NETWORK | ||
| MASTG-KNOW-0073 | iOS Network APIs | MASVS-NETWORK | ||
| MASTG-KNOW-0109 | Binary Patching | MASVS-RESILIENCE | ||
| MASTG-KNOW-0113 | Using Disassemblers and Decompilers | MASVS-RESILIENCE | ||
| MASTG-KNOW-0114 | Debugging and Tracing | MASVS-RESILIENCE | ||
| MASTG-KNOW-0112 | Emulation-based Dynamic Analysis | MASVS-RESILIENCE | ||
| MASTG-KNOW-0111 | Obfuscation | MASVS-RESILIENCE | ||
| MASTG-KNOW-0110 | Code Injection | MASVS-RESILIENCE | ||
| MASTG-KNOW-0116 | Symbolic Execution | MASVS-RESILIENCE | ||
| MASTG-KNOW-0115 | Dynamic Binary Instrumentation | MASVS-RESILIENCE | ||