MASVS PLATFORM

Temporary Checklist

This checklist contains the old MASVS v1 verification levels (L1, L2 and R) which we are currently reworking into "security testing profiles". The levels were assigned according to the MASVS v1 ID that the test was previously covering and might differ in the upcoming version of the MASTG and MAS Checklist.

For the upcoming version of the MASTG, we will progressively split the MASTG tests into smaller tests, the so-called "atomic tests", and assign the new MAS profiles to their respective MASWE weaknesses.

| MASVS-ID | Platform | Control / MASTG Test | L1 | L2 | R |
|---|---|---|---|---|---|
| MASVS-PLATFORM-1 | | The app uses IPC mechanisms securely. | | | |
| | android | Testing for Vulnerable Implementation of PendingIntent | ✓ | ✓ | |
| | android | Testing Deep Links | ✓ | ✓ | |
| | android | Testing for App Permissions | ✓ | ✓ | |
| | android | Testing for Sensitive Functionality Exposure Through IPC | ✓ | ✓ | |
| | android | Determining Whether Sensitive Stored Data Has Been Exposed via IPC Mechanisms | ✓ | ✓ | |
| | ios | Testing Universal Links | ✓ | ✓ | |
| | ios | Testing App Extensions | ✓ | ✓ | |
| | ios | Testing UIActivity Sharing | ✓ | ✓ | |
| | ios | Testing Custom URL Schemes | ✓ | ✓ | |
| | ios | Testing App Permissions | ✓ | ✓ | |
| | ios | Testing UIPasteboard | ✓ | ✓ | |
| | ios | Determining Whether Sensitive Data Is Exposed via IPC Mechanisms | ✓ | ✓ | |
| MASVS-PLATFORM-2 | | The app uses WebViews securely. | | | |
| | android | Testing WebViews Cleanup | | ✓ | |
| | android | Testing JavaScript Execution in WebViews | ✓ | ✓ | |
| | android | Testing for Java Objects Exposed Through WebViews | ✓ | ✓ | |
| | android | Testing WebView Protocol Handlers | ✓ | ✓ | |
| | ios | Testing iOS WebViews | ✓ | ✓ | |
| | ios | Determining Whether Native Methods Are Exposed Through WebViews | ✓ | ✓ | |
| | ios | Testing WebView Protocol Handlers | ✓ | ✓ | |
| MASVS-PLATFORM-3 | | The app uses the user interface securely. | | | |
| | android | Finding Sensitive Information in Auto-Generated Screenshots | | ✓ | |
| | android | Checking for Sensitive Data Disclosure Through the User Interface | ✓ | ✓ | |
| | android | Testing for Overlay Attacks | | ✓ | |
| | ios | Testing Auto-Generated Screenshots for Sensitive Information | | ✓ | |
| | ios | Checking for Sensitive Data Disclosed Through the User Interface | ✓ | ✓ | |