MASVS-STORAGE

Temporary Checklist

This checklist contains the old MASVS v1 verification levels (L1, L2 and R) which we are currently reworking into "security testing profiles". The levels were assigned according to the MASVS v1 ID that the test was previously covering and might differ in the upcoming version of the MASTG and MAS Checklist.

For the upcoming of the MASTG version we will progressively split the MASTG tests into smaller tests, the so-called "atomic tests" and assign the new MAS profiles to their respective MASWE weaknesses.

MASVS-ID Platform Control / MASTG Test L1 L2 R
MASVS-STORAGE-1 The app securely stores sensitive data.
platform:android Testing the Device-Access-Security Policy profile:L2
platform:android Testing Local Storage for Sensitive Data profile:L1 profile:L2
platform:ios Testing Local Data Storage profile:L1 profile:L2
MASVS-STORAGE-2 The app prevents leakage of sensitive data.
platform:android Determining Whether Sensitive Data Is Shared with Third Parties via Notifications profile:L1 profile:L2
platform:android Testing Logs for Sensitive Data profile:L1 profile:L2
platform:android Determining Whether Sensitive Data Is Shared with Third Parties via Embedded Services profile:L1 profile:L2
platform:android Testing Backups for Sensitive Data profile:L2
platform:android Testing Memory for Sensitive Data profile:L2
platform:android Determining Whether the Keyboard Cache Is Disabled for Text Input Fields profile:L1 profile:L2
platform:ios Finding Sensitive Data in the Keyboard Cache profile:L1 profile:L2
platform:ios Testing Backups for Sensitive Data profile:L2
platform:ios Determining Whether Sensitive Data Is Shared with Third Parties profile:L1 profile:L2
platform:ios Testing Memory for Sensitive Data profile:L2
platform:ios Checking Logs for Sensitive Data profile:L1 profile:L2