MASVS STORAGE

Temporary Checklist

This checklist contains the old MASVS v1 verification levels (L1, L2 and R) which we are currently reworking into "security testing profiles". The levels were assigned according to the MASVS v1 ID that the test was previously covering and might differ in the upcoming version of the MASTG and MAS Checklist.

For the upcoming of the MASTG version we will progressively split the MASTG tests into smaller tests, the so-called "atomic tests" and assign the new MAS profiles accordingly.

MASVS-ID Platform Control / MASTG Test L1 L2 R
MASVS-STORAGE-1 The app securely stores sensitive data.
Testing Local Storage for Sensitive Data
Testing the Device-Access-Security Policy
Testing Local Data Storage
MASVS-STORAGE-2 The app prevents leakage of sensitive data.
Determining Whether the Keyboard Cache Is Disabled for Text Input Fields
Testing Memory for Sensitive Data
Determining Whether Sensitive Data Is Shared with Third Parties via Embedded Services
Testing Logs for Sensitive Data
Determining Whether Sensitive Data Is Shared with Third Parties via Notifications
Testing Backups for Sensitive Data
Determining Whether Sensitive Data Is Shared with Third Parties
Testing Backups for Sensitive Data
Testing Memory for Sensitive Data
Checking Logs for Sensitive Data
Finding Sensitive Data in the Keyboard Cache