MASVS-STORAGE

Temporary Checklist

This checklist contains the old MASVS v1 verification levels (L1, L2 and R) which we are currently reworking into "security testing profiles". The levels were assigned according to the MASVS v1 ID that the test was previously covering and might differ in the upcoming version of the MASTG and MAS Checklist.

For the upcoming of the MASTG version we will progressively split the MASTG tests into smaller tests, the so-called "atomic tests" and assign the new MAS profiles to their respective MASWE weaknesses.

MASVS-ID	Platform	Control / MASTG Test	L1	L2	R
MASVS-STORAGE-1		The app securely stores sensitive data.
	platform:android	Testing the Device-Access-Security Policy		profile:L2
	platform:android	Testing Local Storage for Sensitive Data	profile:L1	profile:L2
	platform:ios	Testing Local Data Storage	profile:L1	profile:L2
MASVS-STORAGE-2		The app prevents leakage of sensitive data.
	platform:android	Testing Backups for Sensitive Data		profile:L2
	platform:android	Determining Whether Sensitive Data Is Shared with Third Parties via Embedded Services	profile:L1	profile:L2
	platform:android	Testing Logs for Sensitive Data	profile:L1	profile:L2
	platform:android	Determining Whether Sensitive Data Is Shared with Third Parties via Notifications	profile:L1	profile:L2
	platform:android	Testing Memory for Sensitive Data		profile:L2
	platform:android	Determining Whether the Keyboard Cache Is Disabled for Text Input Fields	profile:L1	profile:L2
	platform:ios	Testing Backups for Sensitive Data		profile:L2
	platform:ios	Testing Memory for Sensitive Data		profile:L2
	platform:ios	Finding Sensitive Data in the Keyboard Cache	profile:L1	profile:L2
	platform:ios	Determining Whether Sensitive Data Is Shared with Third Parties	profile:L1	profile:L2
	platform:ios	Checking Logs for Sensitive Data	profile:L1	profile:L2