MASVS-PLATFORM

Temporary Checklist

This checklist contains the old MASVS v1 verification levels (L1, L2 and R) which we are currently reworking into "security testing profiles". The levels were assigned according to the MASVS v1 ID that the test was previously covering and might differ in the upcoming version of the MASTG and MAS Checklist.

For the upcoming of the MASTG version we will progressively split the MASTG tests into smaller tests, the so-called "atomic tests" and assign the new MAS profiles to their respective MASWE weaknesses.

MASVS-ID	Platform	Control / MASTG Test	L1	L2	R
MASVS-PLATFORM-1		The app uses IPC mechanisms securely.
	platform:android	Testing Deep Links	profile:L1	profile:L2
	platform:android	Testing for Vulnerable Implementation of PendingIntent	profile:L1	profile:L2
	platform:android	Testing for Sensitive Functionality Exposure Through IPC	profile:L1	profile:L2
	platform:android	Testing for App Permissions	profile:L1	profile:L2
	platform:android	Determining Whether Sensitive Stored Data Has Been Exposed via IPC Mechanisms	profile:L1	profile:L2
	platform:ios	Testing App Extensions	profile:L1	profile:L2
	platform:ios	Testing Custom URL Schemes	profile:L1	profile:L2
	platform:ios	Testing UIActivity Sharing	profile:L1	profile:L2
	platform:ios	Testing UIPasteboard	profile:L1	profile:L2
	platform:ios	Testing Universal Links	profile:L1	profile:L2
	platform:ios	Testing App Permissions	profile:L1	profile:L2
	platform:ios	Determining Whether Sensitive Data Is Exposed via IPC Mechanisms	profile:L1	profile:L2
MASVS-PLATFORM-2		The app uses WebViews securely.
	platform:android	Testing JavaScript Execution in WebViews	profile:L1	profile:L2
	platform:android	Testing WebView Protocol Handlers	profile:L1	profile:L2
	platform:android	Testing WebViews Cleanup		profile:L2
	platform:android	Testing for Java Objects Exposed Through WebViews	profile:L1	profile:L2
	platform:ios	Testing iOS WebViews	profile:L1	profile:L2
	platform:ios	Determining Whether Native Methods Are Exposed Through WebViews	profile:L1	profile:L2
	platform:ios	Testing WebView Protocol Handlers	profile:L1	profile:L2
MASVS-PLATFORM-3		The app uses the user interface securely.
	platform:android	Finding Sensitive Information in Auto-Generated Screenshots		profile:L2
	platform:android	Testing for Overlay Attacks		profile:L2
	platform:android	Checking for Sensitive Data Disclosure Through the User Interface	profile:L1	profile:L2
	platform:ios	Checking for Sensitive Data Disclosed Through the User Interface	profile:L1	profile:L2
	platform:ios	Testing Auto-Generated Screenshots for Sensitive Information		profile:L2