MASVS-STORAGE

Checklists Updated (June 2025)

The checklists now include all MASTG tests, as well as updated mappings to the new MAS profiles.

MASVS-ID MASTG-TEST-ID Control / MASTG Test Platform L1 L2 R P Status
MASVS-STORAGE-1 The app securely stores sensitive data.
MASTG-TEST-0001MASTG-TEST-0001 Testing Local Storage for Sensitive Data platform:android profile:L1 profile:L2 deprecatedstatus:deprecated
MASTG-TEST-0202MASTG-TEST-0202 References to APIs and Permissions for Accessing External Storage platform:android profile:L1 profile:L2 newstatus:new
MASTG-TEST-0207MASTG-TEST-0207 Data Stored in the App Sandbox at Runtime platform:android profile:L2 newstatus:new
MASTG-TEST-0201MASTG-TEST-0201 Runtime Use of APIs to Access External Storage platform:android profile:L1 profile:L2 newstatus:new
MASTG-TEST-0200MASTG-TEST-0200 Files Written to External Storage platform:android profile:L1 profile:L2 newstatus:new
MASTG-TEST-0012MASTG-TEST-0012 Testing the Device-Access-Security Policy platform:android profile:L2 deprecatedstatus:deprecated
MASTG-TEST-0052MASTG-TEST-0052 Testing Local Data Storage platform:ios profile:L1 profile:L2 update-pendingstatus:update-pending
MASVS-STORAGE-2 The app prevents leakage of sensitive data.
MASTG-TEST-0003MASTG-TEST-0003 Testing Logs for Sensitive Data platform:android profile:L1 profile:L2 deprecatedstatus:deprecated
MASTG-TEST-0262MASTG-TEST-0262 References to Backup Configurations Not Excluding Sensitive Data platform:android profile:L1 profile:L2 profile:P newstatus:new
MASTG-TEST-0005MASTG-TEST-0005 Determining Whether Sensitive Data Is Shared with Third Parties via Notifications platform:android profile:L1 profile:L2 update-pendingstatus:update-pending
MASTG-TEST-0011MASTG-TEST-0011 Testing Memory for Sensitive Data platform:android profile:L2 update-pendingstatus:update-pending
MASTG-TEST-0203MASTG-TEST-0203 Runtime Use of Logging APIs platform:android profile:L1 profile:L2 profile:P newstatus:new
MASTG-TEST-0009MASTG-TEST-0009 Testing Backups for Sensitive Data platform:android profile:L1 profile:L2 deprecatedstatus:deprecated
MASTG-TEST-0004MASTG-TEST-0004 Determining Whether Sensitive Data Is Shared with Third Parties via Embedded Services platform:android profile:L1 profile:L2 update-pendingstatus:update-pending
MASTG-TEST-0231MASTG-TEST-0231 References to Logging APIs platform:android profile:L1 profile:L2 profile:P newstatus:new
MASTG-TEST-0006MASTG-TEST-0006 Determining Whether the Keyboard Cache Is Disabled for Text Input Fields platform:android profile:L1 profile:L2 deprecatedstatus:deprecated
MASTG-TEST-0216MASTG-TEST-0216 Sensitive Data Not Excluded From Backup platform:android profile:L1 profile:L2 profile:P newstatus:new
MASTG-TEST-0055MASTG-TEST-0055 Finding Sensitive Data in the Keyboard Cache platform:ios profile:L1 profile:L2 update-pendingstatus:update-pending
MASTG-TEST-0215MASTG-TEST-0215 Sensitive Data Not Excluded From Backup platform:ios profile:L1 profile:L2 profile:P newstatus:new
MASTG-TEST-0053MASTG-TEST-0053 Checking Logs for Sensitive Data platform:ios profile:L1 profile:L2 update-pendingstatus:update-pending
MASTG-TEST-0060MASTG-TEST-0060 Testing Memory for Sensitive Data platform:ios profile:L2 update-pendingstatus:update-pending
MASTG-TEST-0058MASTG-TEST-0058 Testing Backups for Sensitive Data platform:ios profile:L1 profile:L2 update-pendingstatus:update-pending
MASTG-TEST-0054MASTG-TEST-0054 Determining Whether Sensitive Data Is Shared with Third Parties platform:ios profile:L1 profile:L2 deprecatedstatus:deprecated