MASVS-AUTH

Checklists Updated (June 2025)

The checklists now include all MASTG tests, as well as updated mappings to the new MAS profiles.

MASVS-ID	MASTG-TEST-ID	Control / MASTG Test	Platform	L1	L2	R	P	Status
MASVS-AUTH-1		The app uses secure authentication and authorization protocols and follows the relevant best practices.
MASVS-AUTH-2		The app performs local authentication securely according to the platform best practices.
	MASTG-TEST-0017MASTG-TEST-0017	Testing Confirm Credentials	platform:android		profile:L2			update-pendingstatus:update-pending
	MASTG-TEST-0018MASTG-TEST-0018	Testing Biometric Authentication	platform:android		profile:L2			update-pendingstatus:update-pending
	MASTG-TEST-0268MASTG-TEST-0268	References to APIs Allowing Fallback to Non-Biometric Authentication	platform:ios		profile:L2			newstatus:new
	MASTG-TEST-0271MASTG-TEST-0271	Runtime Use Of APIs Detecting Biometric Enrollment Changes	platform:ios		profile:L2			newstatus:new
	MASTG-TEST-0270MASTG-TEST-0270	References to APIs Detecting Biometric Enrollment Changes	platform:ios		profile:L2			newstatus:new
	MASTG-TEST-0269MASTG-TEST-0269	Runtime Use Of APIs Allowing Fallback to Non-Biometric Authentication	platform:ios		profile:L2			newstatus:new
	MASTG-TEST-0267MASTG-TEST-0267	Runtime Use Of Event-Bound Biometric Authentication	platform:ios		profile:L2			newstatus:new
	MASTG-TEST-0064MASTG-TEST-0064	Testing Biometric Authentication	platform:ios		profile:L2			deprecatedstatus:deprecated
	MASTG-TEST-0266MASTG-TEST-0266	References to APIs for Event-Bound Biometric Authentication	platform:ios		profile:L2			newstatus:new
MASVS-AUTH-3		The app secures sensitive operations with additional authentication.