MASVS-CRYPTO

Checklists Updated (June 2025)

The checklists now include all MASTG tests, as well as updated mappings to the new MAS profiles.

MASVS-ID	MASTG-TEST-ID	Control / MASTG Test	Platform	L1	L2	R	P	Status
MASVS-CRYPTO-1		The app employs current strong cryptography and uses it according to industry best practices.
	MASTG-TEST-0014	Testing the Configuration of Cryptographic Standard Algorithms	platform:android	profile:L1	profile:L2			deprecatedstatus:deprecated
	MASTG-TEST-0221	Broken Symmetric Encryption Algorithms	platform:android	profile:L1	profile:L2			newstatus:new
	MASTG-TEST-0310	Runtime Use of Reused Initialization Vectors in Symmetric Encryption	platform:android		profile:L2			placeholderstatus:placeholder
	MASTG-TEST-0016	Testing Random Number Generation	platform:android	profile:L1	profile:L2			deprecatedstatus:deprecated
	MASTG-TEST-0309	References to Reused Initialization Vectors in Symmetric Encryption	platform:android		profile:L2			placeholderstatus:placeholder
	MASTG-TEST-0312	References to Explicit Security Provider in Cryptographic APIs	platform:android	profile:L1	profile:L2			newstatus:new
	MASTG-TEST-0013	Testing Symmetric Cryptography	platform:android	profile:L1	profile:L2			deprecatedstatus:deprecated
	MASTG-TEST-0205	Non-random Sources Usage	platform:android	profile:L1	profile:L2			newstatus:new
	MASTG-TEST-0232	Broken Symmetric Encryption Modes	platform:android	profile:L1	profile:L2			newstatus:new
	MASTG-TEST-0204	Insecure Random API Usage	platform:android	profile:L1	profile:L2			newstatus:new
	MASTG-TEST-0211	Broken Hashing Algorithms	platform:ios	profile:L1	profile:L2			newstatus:new
	MASTG-TEST-0210	Broken Symmetric Encryption Algorithms	platform:ios	profile:L1	profile:L2			newstatus:new
	MASTG-TEST-0063	Testing Random Number Generation	platform:ios	profile:L1	profile:L2			deprecatedstatus:deprecated
	MASTG-TEST-0061	Verifying the Configuration of Cryptographic Standard Algorithms	platform:ios	profile:L1	profile:L2			deprecatedstatus:deprecated
	MASTG-TEST-0311	Insecure Random API Usage	platform:ios	profile:L1	profile:L2			newstatus:new
MASVS-CRYPTO-2		The app performs key management according to industry best practices.
	MASTG-TEST-0308	Runtime Use of Asymmetric Key Pairs Used For Multiple Purposes	platform:android		profile:L2			newstatus:new
	MASTG-TEST-0212	Use of Hardcoded Cryptographic Keys in Code	platform:android	profile:L1	profile:L2			newstatus:new
	MASTG-TEST-0015	Testing the Purposes of Keys	platform:android		profile:L2			deprecatedstatus:deprecated
	MASTG-TEST-0307	References to Asymmetric Key Pairs Used For Multiple Purposes	platform:android		profile:L2			newstatus:new
	MASTG-TEST-0208	Insufficient Key Sizes	platform:android	profile:L1	profile:L2			newstatus:new
	MASTG-TEST-0209	Insufficient Key Sizes	platform:ios	profile:L1	profile:L2			newstatus:new
	MASTG-TEST-0213	Use of Hardcoded Cryptographic Keys in Code	platform:ios	profile:L1	profile:L2			newstatus:new
	MASTG-TEST-0062	Testing Key Management	platform:ios		profile:L2			deprecatedstatus:deprecated
	MASTG-TEST-0214	Hardcoded Cryptographic Keys in Files	platform:ios	profile:L1	profile:L2			newstatus:new