OWASP Mobile Application Security
MASTG-TECH-0015: Dynamic Analysis on Android
Initializing search
OWASP/owasp-mastg
Home
MASWE (Beta)
MASTG
MASVS
MAS Checklist
MAS Crackmes
News
🎙 Talks
⭐ Contribute
💙 Donate
💬 Connect with Us
OWASP Mobile Application Security
OWASP/owasp-mastg
Home
MASWE (Beta)
MASWE (Beta)
MASVS-STORAGE
MASVS-STORAGE
MASWE-0001: Insertion of Sensitive Data into Logs
MASWE-0002: Sensitive Data Stored With Insufficient Access Restrictions in Internal Locations
MASWE-0003: Backup Unencrypted
MASWE-0004: Sensitive Data Not Excluded From Backup
MASWE-0005: API Keys Hardcoded in the App Package
MASWE-0006: Sensitive Data Stored Unencrypted in Private Storage Locations
MASWE-0007: Sensitive Data Stored Unencrypted in Shared Storage Requiring No User Interaction
MASWE-0008: Device Access Security Policy Not Enforced
MASVS-CRYPTO
MASVS-CRYPTO
MASWE-0009: Weak Cryptographic Key Generation
MASWE-0010: Weak Cryptographic Key Derivation
MASWE-0011: Cryptographic Key Rotation Not Implemented
MASWE-0012: Insecure or Wrong Usage of Cryptographic Key
MASWE-0013: Hardcoded Cryptographic Keys in Use
MASWE-0014: Cryptographic Keys Not Properly Protected at Rest
MASWE-0015: Deprecated Android KeyStore Implementations
MASWE-0016: Unsafe Handling of Imported Cryptographic Keys
MASWE-0017: Cryptographic Keys Not Properly Protected on Export
MASWE-0018: Cryptographic Keys Access Not Restricted
MASWE-0019: Potentially Weak Cryptography Implementations
MASWE-0020: Weak Encryption
MASWE-0021: Weak Hashing
MASWE-0022: Predictable Initialization Vectors (IVs)
MASWE-0023: Weak Padding
MASWE-0024: Weak Message Authentication Codes (MAC)
MASWE-0025: Weak Signature
MASWE-0026: Improper Verification of Cryptographic Signature
MASWE-0027: Cryptographically Weak Pseudo-Random Number Generator (PRNG)
MASVS-AUTH
MASVS-AUTH
MASWE-0028: MFA Implementation Best Practices Not Followed
MASWE-0029: Step-Up Authentication Not Implemented After Login
MASWE-0030: Re-Authenticates Not Triggered On Contextual State Changes
MASWE-0031: Insecure use of Android Protected Confirmation
MASWE-0032: Platform-provided Authentication APIs Not Used
MASWE-0033: Authentication or Authorization Protocol Security Best Practices Not Followed
MASWE-0034: Insecure Implementation of Confirm Credentials
MASWE-0035: Passwordless Authentication Not Implemented
MASWE-0036: Authentication Material Stored Unencrypted on the Device
MASWE-0037: Authentication Material Sent over Insecure Connections
MASWE-0038: Authentication Tokens Not Validated
MASWE-0039: Shared Web Credentials and Website-association Not Implemented
MASWE-0040: Insecure Authentication in WebViews
MASWE-0041: Authentication Enforced Only Locally Instead of on the Server-side
MASWE-0042: Authorization Enforced Only Locally Instead of on the Server-side
MASWE-0043: App Custom PIN Not Bound to Platform KeyStore
MASWE-0044: Biometric Authentication is Event-bound
MASWE-0045: Fallback to Non-biometric Credentials Allowed for Sensitive Transactions
MASWE-0046: Crypto Keys Not Invalidated on New Biometric Enrollment
MASVS-NETWORK
MASVS-NETWORK
MASWE-0047: Insecure Identity Pinning
MASWE-0048: Insecure Non-HTTP Traffic
MASWE-0049: Proved Networking APIs Not used
MASWE-0050: Cleartext Traffic
MASWE-0051: Unprotected Open Ports
MASWE-0052: Insecure Certificate Validation
MASVS-PLATFORM
MASVS-PLATFORM
MASWE-0053: Sensitive Data Leaked via the User Interface
MASWE-0054: Sensitive Data Leaked via Notifications
MASWE-0055: Sensitive Data Leaked via Screenshots
MASWE-0056: Tapjacking Attacks
MASWE-0057: StrandHogg Attack / Task Affinity Vulnerability
MASWE-0058: Insecure Deep Links
MASWE-0059: Use Of Unauthenticated Platform IPC
MASWE-0060: Insecure Use of UIActivity
MASWE-0061: Insecure Use of App Extensions
MASWE-0062: Insecure Services
MASWE-0063: Insecure Broadcast Receivers
MASWE-0064: Insecure Content Providers
MASWE-0065: Sensitive Data Permanently Shared with Other Apps
MASWE-0066: Insecure Intents
MASWE-0067: Debuggable Flag Not Disabled
MASWE-0068: JavaScript Bridges in WebViews
MASWE-0069: WebViews Allows Access to Local Resources
MASWE-0070: JavaScript Loaded from Untrusted Sources
MASWE-0071: WebViews Loading Content from Untrusted Sources
MASWE-0072: Universal XSS
MASWE-0073: Insecure WebResourceResponse Implementations
MASWE-0074: Web Content Debugging Enabled
MASVS-CODE
MASVS-CODE
MASWE-0075: Enforced Updating Not Implemented
MASWE-0076: Dependencies with Known Vulnerabilities
MASWE-0077: Running on a recent Platform Version Not Ensured
MASWE-0078: Latest Platform Version Not Targeted
MASWE-0079: Unsafe Handling of Data from the Network
MASWE-0080: Unsafe Handling of Data from Backups
MASWE-0081: Unsafe Handling Of Data From External Interfaces
MASWE-0082: Unsafe Handling of Data From Local Storage
MASWE-0083: Unsafe Handling of Data From The User Interface
MASWE-0084: Unsafe Handling of Data from IPC
MASWE-0085: Unsafe Dynamic Code Loading
MASWE-0086: SQL Injection
MASWE-0087: Insecure Parsing and Escaping
MASWE-0088: Insecure Object Deserialization
MASWE-0116: Compiler Provided Security Features Not Used
MASVS-RESILIENCE
MASVS-RESILIENCE
MASWE-0089: Code Obfuscation Not Implemented
MASWE-0090: Resource Obfuscation Not Implemented
MASWE-0091: Anti-Deobfuscation Techniques Not Implemented
MASWE-0092: Static Analysis Tools Not Prevented
MASWE-0093: Debugging Symbols Not Removed
MASWE-0094: Non-Production Resources Not Removed
MASWE-0095: Code That Disables Security Controls Not Removed
MASWE-0096: Data Sent Unencrypted Over Encrypted Connections
MASWE-0097: Root/Jailbreak Detection Not Implemented
MASWE-0098: App Virtualization Environment Detection Not Implemented
MASWE-0099: Emulator Detection Not Implemented
MASWE-0100: Device Attestation Not Implemented
MASWE-0101: Debugger Detection Not Implemented
MASWE-0102: Dynamic Analysis Tools Detection Not Implemented
MASWE-0103: RASP Techniques Not Implemented
MASWE-0104: App Integrity Not Verified
MASWE-0105: Integrity of App Resources Not Verified
MASWE-0106: Official Store Verification Not Implemented
MASWE-0107: Runtime Code Integrity Not Verified
MASVS-PRIVACY
MASVS-PRIVACY
MASWE-0108: Sensitive Data in Network Traffic
MASWE-0109: Lack of Anonymization or Pseudonymisation Measures
MASWE-0110: Use of Unique Identifiers for User Tracking
MASWE-0111: Inadequate Privacy Policy
MASWE-0112: Inadequate Data Collection Declarations
MASWE-0113: Lack of Proper Data Management Controls
MASWE-0114: Inadequate Data Visibility Controls
MASWE-0115: Inadequate or Ambiguous User Consent Mechanisms
MASTG
MASTG
Intro
Intro
Foreword
Frontispiece
OWASP MASVS and MASTG Adoption
Acknowledgments
Suggested Reading
General Concepts
General Concepts
Mobile Application Taxonomy
Mobile Application Security Testing
Mobile App Tampering and Reverse Engineering
Mobile App Authentication Architectures
Mobile App Network Communication
Mobile App Cryptography
Mobile App Code Quality
Mobile App User Privacy Protection
Android Security Testing
Android Security Testing
Android Platform Overview
Android Security Testing
Android Data Storage
Android Cryptographic APIs
Android Local Authentication
Android Network Communication
Android Platform APIs
Android Code Quality and Build Settings
Android Anti-Reversing Defenses
iOS Security Testing
iOS Security Testing
iOS Platform Overview
iOS Security Testing
iOS Data Storage
iOS Cryptographic APIs
iOS Local Authentication
iOS Network Communication
iOS Platform APIs
iOS Code Quality and Build Settings
iOS Anti-Reversing Defenses
Best Practices (v2 Beta)
Best Practices (v2 Beta)
MASTG-BEST-0001: Use Secure Random Number Generator APIs
MASTG-BEST-0002: Remove Logging Code
MASTG-BEST-0003: Comply with Privacy Regulations and Best Practices
MASTG-BEST-0004: Exclude Sensitive Data from Backups
MASTG-BEST-0005: Use Secure Encryption Modes
MASTG-BEST-0006: Use Up-to-Date APK Signing Schemes
MASTG-BEST-0007: Debuggable Flag Disabled in the AndroidManifest
MASTG-BEST-0008: Debugging Disabled for WebViews
Tests
Tests
Android
Android
MASVS-STORAGE
MASVS-STORAGE
MASTG-TEST-0001: Testing Local Storage for Sensitive Data
MASTG-TEST-0003: Testing Logs for Sensitive Data
MASTG-TEST-0004: Determining Whether Sensitive Data Is Shared with Third Parties via Embedded Services
MASTG-TEST-0005: Determining Whether Sensitive Data Is Shared with Third Parties via Notifications
MASTG-TEST-0006: Determining Whether the Keyboard Cache Is Disabled for Text Input Fields
MASTG-TEST-0009: Testing Backups for Sensitive Data
MASTG-TEST-0011: Testing Memory for Sensitive Data
MASTG-TEST-0012: Testing the Device-Access-Security Policy
MASVS-CRYPTO
MASVS-CRYPTO
MASTG-TEST-0013: Testing Symmetric Cryptography
MASTG-TEST-0014: Testing the Configuration of Cryptographic Standard Algorithms
MASTG-TEST-0015: Testing the Purposes of Keys
MASTG-TEST-0016: Testing Random Number Generation
MASVS-AUTH
MASVS-AUTH
MASTG-TEST-0017: Testing Confirm Credentials
MASTG-TEST-0018: Testing Biometric Authentication
MASVS-NETWORK
MASVS-NETWORK
MASTG-TEST-0019: Testing Data Encryption on the Network
MASTG-TEST-0020: Testing the TLS Settings
MASTG-TEST-0021: Testing Endpoint Identify Verification
MASTG-TEST-0022: Testing Custom Certificate Stores and Certificate Pinning
MASTG-TEST-0023: Testing the Security Provider
MASVS-PLATFORM
MASVS-PLATFORM
MASTG-TEST-0007: Determining Whether Sensitive Stored Data Has Been Exposed via IPC Mechanisms
MASTG-TEST-0008: Checking for Sensitive Data Disclosure Through the User Interface
MASTG-TEST-0010: Finding Sensitive Information in Auto-Generated Screenshots
MASTG-TEST-0024: Testing for App Permissions
MASTG-TEST-0028: Testing Deep Links
MASTG-TEST-0029: Testing for Sensitive Functionality Exposure Through IPC
MASTG-TEST-0030: Testing for Vulnerable Implementation of PendingIntent
MASTG-TEST-0031: Testing JavaScript Execution in WebViews
MASTG-TEST-0032: Testing WebView Protocol Handlers
MASTG-TEST-0033: Testing for Java Objects Exposed Through WebViews
MASTG-TEST-0035: Testing for Overlay Attacks
MASTG-TEST-0037: Testing WebViews Cleanup
MASVS-CODE
MASVS-CODE
MASTG-TEST-0002: Testing Local Storage for Input Validation
MASTG-TEST-0025: Testing for Injection Flaws
MASTG-TEST-0026: Testing Implicit Intents
MASTG-TEST-0027: Testing for URL Loading in WebViews
MASTG-TEST-0034: Testing Object Persistence
MASTG-TEST-0036: Testing Enforced Updating
MASTG-TEST-0042: Checking for Weaknesses in Third Party Libraries
MASTG-TEST-0043: Memory Corruption Bugs
MASTG-TEST-0044: Make Sure That Free Security Features Are Activated
MASVS-RESILIENCE
MASVS-RESILIENCE
MASTG-TEST-0038: Making Sure that the App is Properly Signed
MASTG-TEST-0039: Testing whether the App is Debuggable
MASTG-TEST-0040: Testing for Debugging Symbols
MASTG-TEST-0041: Testing for Debugging Code and Verbose Error Logging
MASTG-TEST-0045: Testing Root Detection
MASTG-TEST-0046: Testing Anti-Debugging Detection
MASTG-TEST-0047: Testing File Integrity Checks
MASTG-TEST-0048: Testing Reverse Engineering Tools Detection
MASTG-TEST-0049: Testing Emulator Detection
MASTG-TEST-0050: Testing Runtime Integrity Checks
MASTG-TEST-0051: Testing Obfuscation
MASVS-PRIVACY
iOS
iOS
MASVS-STORAGE
MASVS-STORAGE
MASTG-TEST-0052: Testing Local Data Storage
MASTG-TEST-0053: Checking Logs for Sensitive Data
MASTG-TEST-0054: Determining Whether Sensitive Data Is Shared with Third Parties
MASTG-TEST-0055: Finding Sensitive Data in the Keyboard Cache
MASTG-TEST-0058: Testing Backups for Sensitive Data
MASTG-TEST-0060: Testing Memory for Sensitive Data
MASVS-CRYPTO
MASVS-CRYPTO
MASTG-TEST-0061: Verifying the Configuration of Cryptographic Standard Algorithms
MASTG-TEST-0062: Testing Key Management
MASTG-TEST-0063: Testing Random Number Generation
MASVS-AUTH
MASVS-AUTH
MASTG-TEST-0064: Testing Local Authentication
MASVS-NETWORK
MASVS-NETWORK
MASTG-TEST-0065: Testing Data Encryption on the Network
MASTG-TEST-0066: Testing the TLS Settings
MASTG-TEST-0067: Testing Endpoint Identity Verification
MASTG-TEST-0068: Testing Custom Certificate Stores and Certificate Pinning
MASVS-PLATFORM
MASVS-PLATFORM
MASTG-TEST-0056: Determining Whether Sensitive Data Is Exposed via IPC Mechanisms
MASTG-TEST-0057: Checking for Sensitive Data Disclosed Through the User Interface
MASTG-TEST-0059: Testing Auto-Generated Screenshots for Sensitive Information
MASTG-TEST-0069: Testing App Permissions
MASTG-TEST-0070: Testing Universal Links
MASTG-TEST-0071: Testing UIActivity Sharing
MASTG-TEST-0072: Testing App Extensions
MASTG-TEST-0073: Testing UIPasteboard
MASTG-TEST-0075: Testing Custom URL Schemes
MASTG-TEST-0076: Testing iOS WebViews
MASTG-TEST-0077: Testing WebView Protocol Handlers
MASTG-TEST-0078: Determining Whether Native Methods Are Exposed Through WebViews
MASVS-CODE
MASVS-CODE
MASTG-TEST-0079: Testing Object Persistence
MASTG-TEST-0080: Testing Enforced Updating
MASTG-TEST-0085: Checking for Weaknesses in Third Party Libraries
MASTG-TEST-0086: Memory Corruption Bugs
MASTG-TEST-0087: Make Sure That Free Security Features Are Activated
MASVS-RESILIENCE
MASVS-RESILIENCE
MASTG-TEST-0081: Making Sure that the App Is Properly Signed
MASTG-TEST-0082: Testing whether the App is Debuggable
MASTG-TEST-0083: Testing for Debugging Symbols
MASTG-TEST-0084: Testing for Debugging Code and Verbose Error Logging
MASTG-TEST-0088: Testing Jailbreak Detection
MASTG-TEST-0089: Testing Anti-Debugging Detection
MASTG-TEST-0090: Testing File Integrity Checks
MASTG-TEST-0091: Testing Reverse Engineering Tools Detection
MASTG-TEST-0092: Testing Emulator Detection
MASTG-TEST-0093: Testing Obfuscation
MASVS-PRIVACY
Tests (v2 Beta)
Tests (v2 Beta)
Android
Android
MASVS-STORAGE
MASVS-STORAGE
MASTG-TEST-0200: Files Written to External Storage
MASTG-TEST-0201: Runtime Use of APIs to Access External Storage
MASTG-TEST-0202: References to APIs and Permissions for Accessing External Storage
MASTG-TEST-0203: Runtime Use of Logging APIs
MASTG-TEST-0207: Data Stored in the App Sandbox at Runtime
MASTG-TEST-0216: Sensitive Data Not Excluded From Backup
MASTG-TEST-0231: References to Logging APIs
MASVS-CRYPTO
MASVS-CRYPTO
MASTG-TEST-0204: Insecure Random API Usage
MASTG-TEST-0205: Non-random Sources Usage
MASTG-TEST-0208: Inappropriate Key Sizes
MASTG-TEST-0212: Use of Hardcoded Cryptographic Keys in Code
MASTG-TEST-0221: Weak Encryption Algorithms
MASTG-TEST-0232: Weak Encryption Modes
MASVS-NETWORK
MASVS-NETWORK
MASTG-TEST-0217: Insecure TLS Protocols Explicitly Allowed in Code
MASTG-TEST-0218: Insecure TLS Protocols in Network Traffic
MASTG-TEST-0233: Hardcoded HTTP URLs
MASTG-TEST-0234: SSLSockets not Properly Verifying Hostnames
MASTG-TEST-0235: Android App Configurations Allowing Cleartext Traffic
MASTG-TEST-0236: Cleartext Traffic Observed on the Network
MASTG-TEST-0237: Cross-Platform Framework Configurations Allowing Cleartext Traffic
MASTG-TEST-0238: Runtime Use of Network APIs Transmitting Cleartext Traffic
MASTG-TEST-0239: Using low-level APIs (e.g. Socket) to set up a custom HTTP connection
MASVS-CODE
MASVS-CODE
MASTG-TEST-0222: Position Independent Code (PIC) Not Enabled
MASTG-TEST-0223: Stack Canaries Not Enabled
MASVS-RESILIENCE
MASVS-RESILIENCE
MASTG-TEST-0224: Usage of Insecure Signature Version
MASTG-TEST-0225: Usage of Insecure Signature Key Size
MASTG-TEST-0226: Debuggable Flag Enabled in the AndroidManifest
MASTG-TEST-0227: Debugging Enabled for WebViews
MASVS-PRIVACY
MASVS-PRIVACY
MASTG-TEST-0206: Sensitive Data in Network Traffic Capture
iOS
iOS
MASVS-STORAGE
MASVS-STORAGE
MASTG-TEST-0215: Sensitive Data Not Excluded From Backup
MASVS-CRYPTO
MASVS-CRYPTO
MASTG-TEST-0209: Inappropriate Key Sizes
MASTG-TEST-0210: Weak Encryption Algorithms
MASTG-TEST-0211: Weak Hashing Algorithms
MASTG-TEST-0213: Use of Hardcoded Cryptographic Keys in Code
MASTG-TEST-0214: Hardcoded Cryptographic Keys in Files
MASVS-CODE
MASVS-CODE
MASTG-TEST-0228: Position Independent Code (PIC) not Enabled
MASTG-TEST-0229: Stack Canaries not enabled
MASTG-TEST-0230: Automatic Reference Counting (ARC) not enabled
MASVS-RESILIENCE
MASVS-RESILIENCE
MASTG-TEST-0219: Testing for Debugging Symbols
MASTG-TEST-0220: Usage of Outdated Code Signature Format
Demos (v2 Beta)
Demos (v2 Beta)
Android
Android
MASVS-STORAGE
MASVS-STORAGE
MASTG-DEMO-0001: File System Snapshots from External Storage
MASTG-DEMO-0002: External Storage APIs Tracing with Frida
MASTG-DEMO-0003: App Writing to External Storage without Scoped Storage Restrictions
MASTG-DEMO-0004: App Writing to External Storage with Scoped Storage Restrictions
MASTG-DEMO-0005: App Writing to External Storage via the MediaStore API
MASTG-DEMO-0006: Tracing Common Logging APIs Looking for Secrets
MASTG-DEMO-0010: File System Snapshots from Internal Storage
MASTG-DEMO-0020: Uses of AutoBackup backup_rules.xml to Exclude Data From Backups
MASVS-CRYPTO
MASVS-CRYPTO
MASTG-DEMO-0007: Common Uses of Insecure Random APIs
MASTG-DEMO-0008: Uses of Non-random Sources
MASTG-DEMO-0012: Weak Cryptographic Key Generation
MASTG-DEMO-0017: Use of Hardcoded AES Key in SecretKeySpec with semgrep
MASVS-PRIVACY
MASVS-PRIVACY
MASTG-DEMO-0009: Detecting Sensitive Data in Network Traffic
iOS
iOS
MASVS-STORAGE
MASVS-STORAGE
MASTG-DEMO-0019: Uses of isExcludedFromBackupKey with r2
MASVS-CRYPTO
MASVS-CRYPTO
MASTG-DEMO-0011: Uses of Weak Key Size in SecKeyCreateRandomKey with r2
MASTG-DEMO-0013: Use of Hardcoded RSA Private Key in SecKeyCreateWithData with r2
MASTG-DEMO-0014: Use of Hardcoded ECDSA Private Key in CryptoKit with r2
MASTG-DEMO-0015: Uses of Insecure Hashing Algorithms in CommonCrypto with r2
MASTG-DEMO-0016: Uses of Insecure Hashing Algorithms in CryptoKit with r2
MASTG-DEMO-0018: Uses of Insecure Encryption Algorithms in CommonCrypto with r2
Techniques
Techniques
Generic
Generic
MASTG-TECH-0047: Reverse Engineering
MASTG-TECH-0048: Static Analysis
MASTG-TECH-0049: Dynamic Analysis
MASTG-TECH-0050: Binary Analysis
MASTG-TECH-0051: Tampering and Runtime Instrumentation
Android
Android
MASTG-TECH-0001: Accessing the Device Shell
MASTG-TECH-0002: Host-Device Data Transfer
MASTG-TECH-0003: Obtaining and Extracting Apps
MASTG-TECH-0004: Repackaging Apps
MASTG-TECH-0005: Installing Apps
MASTG-TECH-0006: Listing Installed Apps
MASTG-TECH-0007: Exploring the App Package
MASTG-TECH-0008: Accessing App Data Directories
MASTG-TECH-0009: Monitoring System Logs
MASTG-TECH-0010: Basic Network Monitoring/Sniffing
MASTG-TECH-0011: Setting Up an Interception Proxy
MASTG-TECH-0012: Bypassing Certificate Pinning
MASTG-TECH-0013: Reverse Engineering Android Apps
MASTG-TECH-0014: Static Analysis on Android
MASTG-TECH-0015: Dynamic Analysis on Android
MASTG-TECH-0016: Disassembling Code to Smali
MASTG-TECH-0017: Decompiling Java Code
MASTG-TECH-0018: Disassembling Native Code
MASTG-TECH-0019: Retrieving Strings
MASTG-TECH-0020: Retrieving Cross References
MASTG-TECH-0021: Information Gathering - API Usage
MASTG-TECH-0022: Information Gathering - Network Communication
MASTG-TECH-0023: Reviewing Decompiled Java Code
MASTG-TECH-0024: Reviewing Disassembled Native Code
MASTG-TECH-0025: Automated Static Analysis
MASTG-TECH-0026: Dynamic Analysis on Non-Rooted Devices
MASTG-TECH-0027: Get Open Files
MASTG-TECH-0028: Get Open Connections
MASTG-TECH-0029: Get Loaded Native Libraries
MASTG-TECH-0030: Sandbox Inspection
MASTG-TECH-0031: Debugging
MASTG-TECH-0032: Execution Tracing
MASTG-TECH-0033: Method Tracing
MASTG-TECH-0034: Native Code Tracing
MASTG-TECH-0035: JNI Tracing
MASTG-TECH-0036: Emulation-based Analysis
MASTG-TECH-0037: Symbolic Execution
MASTG-TECH-0038: Patching
MASTG-TECH-0039: Repackaging & Re-Signing
MASTG-TECH-0040: Waiting for the Debugger
MASTG-TECH-0041: Library Injection
MASTG-TECH-0042: Getting Loaded Classes and Methods Dynamically
MASTG-TECH-0043: Method Hooking
MASTG-TECH-0044: Process Exploration
MASTG-TECH-0045: Runtime Reverse Engineering
MASTG-TECH-0100: Logging Sensitive Data from Network Traffic
MASTG-TECH-0108: Taint Analysis
MASTG-TECH-0109: Intercepting Flutter HTTPS Traffic
MASTG-TECH-0115: Obtaining Compiler-Provided Security Features
MASTG-TECH-0116: Obtaining Information about the APK Signature
MASTG-TECH-0117: Obtaining Information from the AndroidManifest
iOS
iOS
MASTG-TECH-0052: Accessing the Device Shell
MASTG-TECH-0053: Host-Device Data Transfer
MASTG-TECH-0054: Obtaining and Extracting Apps
MASTG-TECH-0055: Launching a Repackaged App in Debug Mode
MASTG-TECH-0056: Installing Apps
MASTG-TECH-0057: Listing Installed Apps
MASTG-TECH-0058: Exploring the App Package
MASTG-TECH-0059: Accessing App Data Directories
MASTG-TECH-0060: Monitoring System Logs
MASTG-TECH-0061: Dumping KeyChain Data
MASTG-TECH-0062: Basic Network Monitoring/Sniffing
MASTG-TECH-0063: Setting up an Interception Proxy
MASTG-TECH-0064: Bypassing Certificate Pinning
MASTG-TECH-0065: Reverse Engineering iOS Apps
MASTG-TECH-0066: Static Analysis on iOS
MASTG-TECH-0067: Dynamic Analysis on iOS
MASTG-TECH-0068: Disassembling Native Code
MASTG-TECH-0069: Decompiling Native Code
MASTG-TECH-0070: Extracting Information from the Application Binary
MASTG-TECH-0071: Retrieving Strings
MASTG-TECH-0072: Retrieving Cross References
MASTG-TECH-0073: Information Gathering - API Usage
MASTG-TECH-0074: Information Gathering - Network Communication
MASTG-TECH-0075: Reviewing Decompiled Objective-C and Swift Code
MASTG-TECH-0076: Reviewing Disassembled Objective-C and Swift Code
MASTG-TECH-0077: Reviewing Disassembled Native Code
MASTG-TECH-0078: Automated Static Analysis
MASTG-TECH-0079: Getting a Developer Provisioning Profile
MASTG-TECH-0080: Get Open Files
MASTG-TECH-0081: Get Open Connections
MASTG-TECH-0082: Get Shared Libraries
MASTG-TECH-0083: Sandbox Inspection
MASTG-TECH-0084: Debugging
MASTG-TECH-0085: Execution Tracing
MASTG-TECH-0086: Method Tracing
MASTG-TECH-0087: Native Code Tracing
MASTG-TECH-0088: Emulation-based Analysis
MASTG-TECH-0089: Symbolic Execution
MASTG-TECH-0090: Injecting Frida Gadget into an IPA Automatically
MASTG-TECH-0091: Injecting Libraries into an IPA Manually
MASTG-TECH-0092: Repackaging and Re-Signing
MASTG-TECH-0093: Waiting for the debugger
MASTG-TECH-0094: Getting Loaded Classes and Methods dynamically
MASTG-TECH-0095: Method Hooking
MASTG-TECH-0096: Process Exploration
MASTG-TECH-0097: Runtime Reverse Engineering
MASTG-TECH-0098: Patching React Native Apps
MASTG-TECH-0110: Intercepting Flutter HTTPS Traffic
MASTG-TECH-0111: Extracting Entitlements from MachO Binaries
MASTG-TECH-0112: Obtaining the Code Signature Format Version
MASTG-TECH-0113: Obtaining Debugging Symbols
MASTG-TECH-0114: Demangling Symbols
MASTG-TECH-0118: Obtaining Compiler-Provided Security Features
Tools
Tools
Generic
Generic
MASTG-TOOL-0031: Frida
MASTG-TOOL-0032: Frida CodeShare
MASTG-TOOL-0033: Ghidra
MASTG-TOOL-0034: LIEF
MASTG-TOOL-0035: MobSF
MASTG-TOOL-0036: r2frida
MASTG-TOOL-0037: RMS Runtime Mobile Security
MASTG-TOOL-0038: objection
MASTG-TOOL-0098: iaito
MASTG-TOOL-0100: reFlutter
MASTG-TOOL-0101: disable-flutter-tls-verification
MASTG-TOOL-0104: hermes-dec
MASTG-TOOL-0106: Fridump
MASTG-TOOL-0108: Corellium
MASTG-TOOL-0110: semgrep
Android
Android
MASTG-TOOL-0001: Frida for Android
MASTG-TOOL-0002: MobSF for Android
MASTG-TOOL-0003: nm - Android
MASTG-TOOL-0004: adb
MASTG-TOOL-0005: Android NDK
MASTG-TOOL-0006: Android SDK
MASTG-TOOL-0007: Android Studio
MASTG-TOOL-0008: Android-SSL-TrustKiller
MASTG-TOOL-0009: APKiD
MASTG-TOOL-0010: APKLab
MASTG-TOOL-0011: Apktool
MASTG-TOOL-0012: apkx
MASTG-TOOL-0013: Busybox
MASTG-TOOL-0014: Bytecode Viewer
MASTG-TOOL-0015: drozer
MASTG-TOOL-0016: gplaycli
MASTG-TOOL-0017: House
MASTG-TOOL-0018: jadx
MASTG-TOOL-0019: jdb
MASTG-TOOL-0020: JustTrustMe
MASTG-TOOL-0021: Magisk
MASTG-TOOL-0022: Proguard
MASTG-TOOL-0023: RootCloak Plus
MASTG-TOOL-0024: Scrcpy
MASTG-TOOL-0025: SSLUnpinning
MASTG-TOOL-0026: Termux
MASTG-TOOL-0027: Xposed
MASTG-TOOL-0028: radare2 for Android
MASTG-TOOL-0029: objection for Android
MASTG-TOOL-0030: Angr
MASTG-TOOL-0099: FlowDroid
MASTG-TOOL-0103: uber-apk-signer
MASTG-TOOL-0107: JNITrace
MASTG-TOOL-0112: pidcat
MASTG-TOOL-0116: Blutter
MASTG-TOOL-0120: proxyDroid
MASTG-TOOL-0123: apksigner
MASTG-TOOL-0124: aapt2
MASTG-TOOL-0125: Apkleaks
iOS
iOS
MASTG-TOOL-0039: Frida for iOS
MASTG-TOOL-0040: MobSF for iOS
MASTG-TOOL-0041: nm - iOS
MASTG-TOOL-0042: BinaryCookieReader
MASTG-TOOL-0043: class-dump
MASTG-TOOL-0044: class-dump-z
MASTG-TOOL-0045: class-dump-dyld
MASTG-TOOL-0046: Cycript
MASTG-TOOL-0047: Cydia
MASTG-TOOL-0048: dsdump
MASTG-TOOL-0049: Frida-cycript
MASTG-TOOL-0050: Frida-ios-dump
MASTG-TOOL-0051: gdb
MASTG-TOOL-0053: iOSbackup
MASTG-TOOL-0054: ios-deploy
MASTG-TOOL-0055: iProxy
MASTG-TOOL-0056: Keychain-Dumper
MASTG-TOOL-0057: lldb
MASTG-TOOL-0058: MachoOView
MASTG-TOOL-0059: optool
MASTG-TOOL-0060: otool
MASTG-TOOL-0061: Grapefruit
MASTG-TOOL-0062: Plutil
MASTG-TOOL-0063: security
MASTG-TOOL-0064: Sileo
MASTG-TOOL-0065: simctl
MASTG-TOOL-0066: SSL Kill Switch 3
MASTG-TOOL-0067: swift-demangle
MASTG-TOOL-0068: SwiftShield
MASTG-TOOL-0069: Usbmuxd
MASTG-TOOL-0070: Xcode
MASTG-TOOL-0071: Xcode Command Line Tools
MASTG-TOOL-0072: xcrun
MASTG-TOOL-0073: radare2 for iOS
MASTG-TOOL-0074: objection for iOS
MASTG-TOOL-0102: ios-app-signer
MASTG-TOOL-0105: ipsw
MASTG-TOOL-0111: ldid
MASTG-TOOL-0114: codesign
MASTG-TOOL-0117: fastlane
MASTG-TOOL-0118: Sideloadly
MASTG-TOOL-0121: objdump - iOS
MASTG-TOOL-0122: c++filt
Network
Network
MASTG-TOOL-0075: Android tcpdump
MASTG-TOOL-0076: bettercap
MASTG-TOOL-0077: Burp Suite
MASTG-TOOL-0078: MITM Relay
MASTG-TOOL-0079: OWASP ZAP
MASTG-TOOL-0080: tcpdump
MASTG-TOOL-0081: Wireshark
MASTG-TOOL-0097: mitmproxy
MASTG-TOOL-0109: Nope-Proxy
MASTG-TOOL-0115: HTTP Toolkit
Apps
Apps
Android
Android
MASTG-APP-0001: AndroGoat
MASTG-APP-0002: Android License Validator
MASTG-APP-0003: Android UnCrackable L1
MASTG-APP-0004: Android UnCrackable L2
MASTG-APP-0005: Android UnCrackable L3
MASTG-APP-0006: Digitalbank
MASTG-APP-0007: DIVA Android
MASTG-APP-0008: DodoVulnerableBank
MASTG-APP-0009: DVHMA
MASTG-APP-0010: InsecureBankv2
MASTG-APP-0011: MASTG Hacking Playground (Java)
MASTG-APP-0012: MASTG Hacking Playground (Kotlin)
MASTG-APP-0013: OVAA
MASTG-APP-0014: InsecureShop
MASTG-APP-0015: Android UnCrackable L4
MASTG-APP-0016: Finstergram
MASTG-APP-0017: Disable-flutter-tls-verification
iOS
iOS
MASTG-APP-0023: DVIA
MASTG-APP-0024: DVIA-v2
MASTG-APP-0025: iOS UnCrackable L1
MASTG-APP-0026: iOS UnCrackable L2
MASTG-APP-0027: Disable-flutter-tls-verification
MASTG-APP-0028: iGoat-Swift
MASVS
MASVS
Intro
Intro
Foreword
About the Standard
The Mobile Application Security Verification Standard
Assessment and Certification
MASVS-STORAGE
MASVS-STORAGE-1
MASVS-STORAGE-2
MASVS-CRYPTO
MASVS-CRYPTO-1
MASVS-CRYPTO-2
MASVS-AUTH
MASVS-AUTH-1
MASVS-AUTH-2
MASVS-AUTH-3
MASVS-NETWORK
MASVS-NETWORK-1
MASVS-NETWORK-2
MASVS-PLATFORM
MASVS-PLATFORM-1
MASVS-PLATFORM-2
MASVS-PLATFORM-3
MASVS-CODE
MASVS-CODE-1
MASVS-CODE-2
MASVS-CODE-3
MASVS-CODE-4
MASVS-RESILIENCE
MASVS-RESILIENCE-1
MASVS-RESILIENCE-2
MASVS-RESILIENCE-3
MASVS-RESILIENCE-4
MASVS-PRIVACY
MASVS-PRIVACY-1
MASVS-PRIVACY-2
MASVS-PRIVACY-3
MASVS-PRIVACY-4
MAS Checklist
MAS Checklist
MASVS-STORAGE
MASVS-CRYPTO
MASVS-AUTH
MASVS-NETWORK
MASVS-PLATFORM
MASVS-CODE
MASVS-RESILIENCE
MASVS-PRIVACY
MAS Crackmes
MAS Crackmes
Android Crackmes
iOS Crackmes
News
News
None
🎙 Talks
⭐ Contribute
⭐ Contribute
Contributing to the MAS Project
How Can You Contribute?
Getting Started
Pull Requests & Reviews
Add a New Language
Style Guide
Add a Crackme
💙 Donate
💙 Donate
Donations
How to Donate
Donation Packages
💬 Connect with Us
tech
android
MASTG-TECH-0015: Dynamic Analysis on Android
TBD
Back to top