MASTG Tests
About the MASTG Tests
The MASTG "Atomic Tests" are a new addition to the MAS project. They are a collection of small, individual tests that can be used to assess the security and privacy of a mobile application. Each test is designed to be simple and focused on a single issue. The goal is to make it easier for developers and security professionals to identify and fix issues in their mobile applications.
Tests are organized into categories based on the OWASP MASVS and have a weakness assigned from the OWASP MASWE.
Each test includes:
- Overview: A brief description of the test.
- Steps: A set of steps to follow to identify the weakness in a mobile application.
- Observation: A description of the results of running the test against an application.
- Evaluation: Specific instructions for evaluating the results of the test.
Each test comes with a collection of demos that demonstrate the weakness in a sample application. These demos are written in markdown and are located in the Demos section of the MASTG.
| ID | Title | Platform | L1 | L2 | R | P | Status |
|---|---|---|---|---|---|---|---|
| MASTG-TEST-0231 | References to Logging APIs | android | L1 | L2 | | P | new |
| MASTG-TEST-0207 | Runtime Storage of Unencrypted Data in the App Sandbox | android | | L2 | | | new |
| MASTG-TEST-0012 | Testing the Device-Access-Security Policy | android | | L2 | | | deprecated |
| MASTG-TEST-0304 | Sensitive Data Stored Unencrypted via SQLite | android | L1 | L2 | | | placeholder |
| MASTG-TEST-0200 | Files Written to External Storage | android | L1 | L2 | | | new |
| MASTG-TEST-0287 | Sensitive Data Stored Unencrypted via the SharedPreferences API to the App Sandbox | android | L1 | L2 | | | placeholder |
| MASTG-TEST-0006 | Determining Whether the Keyboard Cache Is Disabled for Text Input Fields | android | L1 | L2 | | | deprecated |
| MASTG-TEST-0004 | Determining Whether Sensitive Data Is Shared with Third Parties via Embedded Services | android | L1 | L2 | | | update-pending |
| MASTG-TEST-0306 | Sensitive Data Stored Unencrypted via Android Room DB | android | L1 | L2 | | | placeholder |
| MASTG-TEST-0003 | Testing Logs for Sensitive Data | android | L1 | L2 | | | deprecated |
| MASTG-TEST-0262 | References to Backup Configurations Not Excluding Sensitive Data | android | L1 | L2 | | P | new |
| MASTG-TEST-0201 | Runtime Use of APIs to Access External Storage | android | L1 | L2 | | | new |
| MASTG-TEST-0009 | Testing Backups for Sensitive Data | android | L1 | L2 | | | deprecated |
| MASTG-TEST-0005 | Determining Whether Sensitive Data Is Shared with Third Parties via Notifications | android | L1 | L2 | | | deprecated |
| MASTG-TEST-0203 | Runtime Use of Logging APIs | android | L1 | L2 | | P | new |
| MASTG-TEST-0305 | Sensitive Data Stored Unencrypted via DataStore | android | L1 | L2 | | | placeholder |
| MASTG-TEST-0216 | Sensitive Data Not Excluded From Backup | android | L1 | L2 | | P | new |
| MASTG-TEST-0011 | Testing Memory for Sensitive Data | android | | L2 | | | deprecated |
| MASTG-TEST-0001 | Testing Local Storage for Sensitive Data | android | L1 | L2 | | | deprecated |
| MASTG-TEST-0202 | References to APIs and Permissions for Accessing External Storage | android | L1 | L2 | | | new |
| MASTG-TEST-0206 | Undeclared PII in Network Traffic Capture | android | | | | P | new |
| MASTG-TEST-0256 | Missing Permission Rationale | android | | | | P | placeholder |
| MASTG-TEST-0255 | Permission Requests Not Minimized | android | | | | P | placeholder |
| MASTG-TEST-0254 | Dangerous App Permissions | android | | | | P | new |
| MASTG-TEST-0257 | Not Resetting Unused Permissions | android | | | | P | placeholder |
| MASTG-TEST-0033 | Testing for Java Objects Exposed Through WebViews | android | L1 | L2 | | | update-pending |
| MASTG-TEST-0008 | Checking for Sensitive Data Disclosure Through the User Interface | android | | L2 | | | deprecated |
| MASTG-TEST-0037 | Testing WebViews Cleanup | android | | L2 | | | update-pending |
| MASTG-TEST-0289 | Runtime Verification of Sensitive Content Exposure in Screenshots During App Backgrounding | android | | L2 | | | new |
| MASTG-TEST-0291 | References to Screen Capturing Prevention APIs | android | | L2 | | | new |
| MASTG-TEST-0315 | Sensitive Data Exposed via Notifications | android | | L2 | | | new |
| MASTG-TEST-0293 | setSecure Not Used to Prevent Screenshots in SurfaceViews | android | | L2 | | | placeholder |
| MASTG-TEST-0028 | Testing Deep Links | android | L1 | L2 | | | update-pending |
| MASTG-TEST-0007 | Determining Whether Sensitive Stored Data Has Been Exposed via IPC Mechanisms | android | L1 | L2 | | | update-pending |
| MASTG-TEST-0294 | SecureOn Not Used to Prevent Screenshots in Compose Dialogs | android | | L2 | | | placeholder |
| MASTG-TEST-0250 | References to Content Provider Access in WebViews | android | L1 | L2 | | | new |
| MASTG-TEST-0251 | Runtime Use of Content Provider Access APIs in WebViews | android | L1 | L2 | | | new |
| MASTG-TEST-0252 | References to Local File Access in WebViews | android | L1 | L2 | | | new |
| MASTG-TEST-0010 | Finding Sensitive Information in Auto-Generated Screenshots | android | | L2 | | | deprecated |
| MASTG-TEST-0253 | Runtime Use of Local File Access APIs in WebViews | android | L1 | L2 | | | new |
| MASTG-TEST-0029 | Testing for Sensitive Functionality Exposure Through IPC | android | L1 | L2 | | | update-pending |
| MASTG-TEST-0024 | Testing for App Permissions | android | L1 | L2 | | | deprecated |
| MASTG-TEST-0030 | Testing for Vulnerable Implementation of PendingIntent | android | L1 | L2 | | | update-pending |
| MASTG-TEST-0031 | Testing JavaScript Execution in WebViews | android | L1 | L2 | | | deprecated |
| MASTG-TEST-0316 | App Exposing User Authentication Data in Text Input Fields | android | | L2 | | | new |
| MASTG-TEST-0032 | Testing WebView Protocol Handlers | android | L1 | L2 | | | deprecated |
| MASTG-TEST-0035 | Testing for Overlay Attacks | android | | L2 | | | update-pending |
| MASTG-TEST-0258 | References to Keyboard Caching Attributes in UI Elements | android | | L2 | | | new |
| MASTG-TEST-0292 | setRecentsScreenshotEnabled Not Used to Prevent Screenshots When Backgrounded | android | | L2 | | | placeholder |
| MASTG-TEST-0027 | Testing for URL Loading in WebViews | android | L1 | L2 | | | update-pending |
| MASTG-TEST-0272 | Identify Dependencies with Known Vulnerabilities in the Android Project | android | L1 | L2 | | | new |
| MASTG-TEST-0002 | Testing Local Storage for Input Validation | android | L1 | L2 | | | update-pending |
| MASTG-TEST-0223 | Stack Canaries Not Enabled | android | | L2 | | | new |
| MASTG-TEST-0042 | Checking for Weaknesses in Third Party Libraries | android | L1 | L2 | | | deprecated |
| MASTG-TEST-0036 | Testing Enforced Updating | android | | L2 | | | update-pending |
| MASTG-TEST-0034 | Testing Object Persistence | android | L1 | L2 | | | update-pending |
| MASTG-TEST-0044 | Make Sure That Free Security Features Are Activated | android | L1 | L2 | | | deprecated |
| MASTG-TEST-0245 | References to Platform Version APIs | android | | L2 | | | new |
| MASTG-TEST-0025 | Testing for Injection Flaws | android | L1 | L2 | | | update-pending |
| MASTG-TEST-0222 | Position Independent Code (PIC) Not Enabled | android | | L2 | | | new |
| MASTG-TEST-0026 | Testing Implicit Intents | android | L1 | L2 | | | update-pending |
| MASTG-TEST-0043 | Memory Corruption Bugs | android | L1 | L2 | | | deprecated |
| MASTG-TEST-0274 | Dependencies with Known Vulnerabilities in the App's SBOM | android | L1 | L2 | | | new |
| MASTG-TEST-0283 | Incorrect Implementation of Server Hostname Verification | android | L1 | L2 | | | new |
| MASTG-TEST-0282 | Unsafe Custom Trust Evaluation | android | L1 | L2 | | | new |
| MASTG-TEST-0295 | GMS Security Provider Not Updated | android | | L2 | | | new |
| MASTG-TEST-0020 | Testing the TLS Settings | android | L1 | L2 | | | deprecated |
| MASTG-TEST-0022 | Testing Custom Certificate Stores and Certificate Pinning | android | | L2 | | | deprecated |
| MASTG-TEST-0019 | Testing Data Encryption on the Network | android | L1 | L2 | | | deprecated |
| MASTG-TEST-0235 | Android App Configurations Allowing Cleartext Traffic | android | L1 | L2 | | | new |
| MASTG-TEST-0237 | Cross-Platform Framework Configurations Allowing Cleartext Traffic | android | L1 | L2 | | | placeholder |
| MASTG-TEST-0285 | Outdated Android Version Allowing Trust in User-Provided CAs | android | L1 | L2 | | | new |
| MASTG-TEST-0023 | Testing the Security Provider | android | | L2 | | | deprecated |
| MASTG-TEST-0217 | Insecure TLS Protocols Explicitly Allowed in Code | android | L1 | L2 | | | new |
| MASTG-TEST-0236 | Cleartext Traffic Observed on the Network | network | L1 | L2 | | | new |
| MASTG-TEST-0021 | Testing Endpoint Identify Verification | android | L1 | L2 | | | deprecated |
| MASTG-TEST-0243 | Expired Certificate Pins in the Network Security Configuration | android | | L2 | | | new |
| MASTG-TEST-0242 | Missing Certificate Pinning in Network Security Configuration | android | | L2 | | | new |
| MASTG-TEST-0284 | Incorrect SSL Error Handling in WebViews | android | L1 | L2 | | | new |
| MASTG-TEST-0239 | Using low-level APIs (e.g. Socket) to set up a custom HTTP connection | android | L1 | L2 | | | placeholder |
| MASTG-TEST-0244 | Missing Certificate Pinning in Network Traffic | network | | L2 | | | new |
| MASTG-TEST-0218 | Insecure TLS Protocols in Network Traffic | network | L1 | L2 | | | new |
| MASTG-TEST-0238 | Runtime Use of Network APIs Transmitting Cleartext Traffic | android | L1 | L2 | | | placeholder |
| MASTG-TEST-0234 | Missing Implementation of Server Hostname Verification with SSLSockets | android | L1 | L2 | | | new |
| MASTG-TEST-0286 | Network Security Configuration Allowing Trust in User-Provided CAs | android | L1 | L2 | | | new |
| MASTG-TEST-0233 | Hardcoded HTTP URLs | android | L1 | L2 | | | new |
| MASTG-TEST-0041 | Testing for Debugging Code and Verbose Error Logging | android | | | R | | deprecated |
| MASTG-TEST-0038 | Making Sure that the App is Properly Signed | android | | | R | | deprecated |
| MASTG-TEST-0226 | Debuggable Flag Enabled in the AndroidManifest | android | | | R | | new |
| MASTG-TEST-0045 | Testing Root Detection | android | | | R | | update-pending |
| MASTG-TEST-0046 | Testing Anti-Debugging Detection | android | | | R | | update-pending |
| MASTG-TEST-0247 | References to APIs for Detecting Secure Screen Lock | android | | L2 | | | new |
| MASTG-TEST-0050 | Testing Runtime Integrity Checks | android | | | R | | update-pending |
| MASTG-TEST-0249 | Runtime Use of Secure Screen Lock Detection APIs | android | | L2 | | | new |
| MASTG-TEST-0288 | Debugging Symbols in Native Binaries | android | | | R | | new |
| MASTG-TEST-0051 | Testing Obfuscation | android | | | R | | update-pending |
| MASTG-TEST-0048 | Testing Reverse Engineering Tools Detection | android | | | R | | update-pending |
| MASTG-TEST-0227 | Debugging Enabled for WebViews | android | | | R | | new |
| MASTG-TEST-0047 | Testing File Integrity Checks | android | | | R | | update-pending |
| MASTG-TEST-0224 | Usage of Insecure Signature Version | android | | | R | | new |
| MASTG-TEST-0039 | Testing whether the App is Debuggable | android | | | R | | deprecated |
| MASTG-TEST-0049 | Testing Emulator Detection | android | | | R | | update-pending |
| MASTG-TEST-0040 | Testing for Debugging Symbols | android | | | R | | deprecated |
| MASTG-TEST-0263 | Logging of StrictMode Violations | android | | | R | | new |
| MASTG-TEST-0264 | Runtime Use of StrictMode APIs | android | | | R | | new |
| MASTG-TEST-0265 | References to StrictMode APIs | android | | | R | | new |
| MASTG-TEST-0225 | Usage of Insecure Signature Key Size | android | | | R | | new |
| MASTG-TEST-0018 | Testing Biometric Authentication | android | | L2 | | | update-pending |
| MASTG-TEST-0017 | Testing Confirm Credentials | android | | L2 | | | update-pending |
| MASTG-TEST-0308 | Runtime Use of Asymmetric Key Pairs Used For Multiple Purposes | android | | L2 | | | new |
| MASTG-TEST-0014 | Testing the Configuration of Cryptographic Standard Algorithms | android | L1 | L2 | | | deprecated |
| MASTG-TEST-0221 | Broken Symmetric Encryption Algorithms | android | L1 | L2 | | | new |
| MASTG-TEST-0212 | Use of Hardcoded Cryptographic Keys in Code | android | L1 | L2 | | | new |
| MASTG-TEST-0310 | Runtime Use of Reused Initialization Vectors in Symmetric Encryption | android | | L2 | | | placeholder |
| MASTG-TEST-0016 | Testing Random Number Generation | android | L1 | L2 | | | deprecated |
| MASTG-TEST-0015 | Testing the Purposes of Keys | android | | L2 | | | deprecated |
| MASTG-TEST-0307 | References to Asymmetric Key Pairs Used For Multiple Purposes | android | | L2 | | | new |
| MASTG-TEST-0309 | References to Reused Initialization Vectors in Symmetric Encryption | android | | L2 | | | placeholder |
| MASTG-TEST-0312 | References to Explicit Security Provider in Cryptographic APIs | android | L1 | L2 | | | new |
| MASTG-TEST-0208 | Insufficient Key Sizes | android | L1 | L2 | | | new |
| MASTG-TEST-0013 | Testing Symmetric Cryptography | android | L1 | L2 | | | deprecated |
| MASTG-TEST-0205 | Non-random Sources Usage | android | L1 | L2 | | | new |
| MASTG-TEST-0232 | Broken Symmetric Encryption Modes | android | L1 | L2 | | | new |
| MASTG-TEST-0204 | Insecure Random API Usage | android | L1 | L2 | | | new |
| MASTG-TEST-0314 | Runtime Monitoring of Text Fields Eligible for Keyboard Caching | ios | | L2 | | | new |
| MASTG-TEST-0060 | Testing Memory for Sensitive Data | ios | | L2 | | | deprecated |
| MASTG-TEST-0301 | Runtime Use of APIs for Storing Unencrypted Data in Private Storage | ios | | L2 | | | new |
| MASTG-TEST-0300 | References to APIs for Storing Unencrypted Data in Private Storage | ios | | L2 | | | new |
| MASTG-TEST-0058 | Testing Backups for Sensitive Data | ios | L1 | L2 | | | deprecated |
| MASTG-TEST-0297 | Insertion of Sensitive Data into Logs | ios | L1 | L2 | | | new |
| MASTG-TEST-0215 | Sensitive Data Not Marked For Backup Exclusion | ios | L1 | L2 | | P | new |
| MASTG-TEST-0053 | Checking Logs for Sensitive Data | ios | L1 | L2 | | | deprecated |
| MASTG-TEST-0313 | References to APIs for Preventing Keyboard Caching of Text Fields | ios | | L2 | | | new |
| MASTG-TEST-0054 | Determining Whether Sensitive Data Is Shared with Third Parties | ios | L1 | L2 | | | deprecated |
| MASTG-TEST-0052 | Testing Local Data Storage | ios | L1 | L2 | | | deprecated |
| MASTG-TEST-0303 | References to APIs for Storing Unencrypted Data in Shared Storage | ios | L1 | L2 | | | new |
| MASTG-TEST-0055 | Finding Sensitive Data in the Keyboard Cache | ios | L1 | L2 | | | deprecated |
| MASTG-TEST-0298 | Runtime Monitoring of Files Eligible for Backup | ios | L1 | L2 | | P | new |
| MASTG-TEST-0296 | Sensitive Data Exposure Through Insecure Logging | ios | L1 | L2 | | | new |
| MASTG-TEST-0302 | Sensitive Data Unencrypted in Private Storage Files | ios | | L2 | | | new |
| MASTG-TEST-0299 | Data Protection Classes for Files in Private Storage | ios | L1 | | | | new |
| MASTG-TEST-0281 | Undeclared Known Tracking Domains | ios | | | | P | new |
| MASTG-TEST-0276 | Use of the iOS General Pasteboard | ios | | L2 | | | new |
| MASTG-TEST-0279 | Pasteboard Contents Not Expiring | ios | | L2 | | | new |
| MASTG-TEST-0069 | Testing App Permissions | ios | L1 | L2 | | | update-pending |
| MASTG-TEST-0059 | Testing Auto-Generated Screenshots for Sensitive Information | ios | | L2 | | | deprecated |
| MASTG-TEST-0072 | Testing App Extensions | ios | L1 | L2 | | | update-pending |
| MASTG-TEST-0076 | Testing iOS WebViews | ios | L1 | L2 | | | update-pending |
| MASTG-TEST-0278 | Pasteboard Contents Not Cleared After Use | ios | | L2 | | | new |
| MASTG-TEST-0280 | Pasteboard Contents Not Restricted to Local Device | ios | | L2 | | | new |
| MASTG-TEST-0057 | Checking for Sensitive Data Disclosed Through the User Interface | ios | | L2 | | | update-pending |
| MASTG-TEST-0070 | Testing Universal Links | ios | L1 | L2 | | | update-pending |
| MASTG-TEST-0075 | Testing Custom URL Schemes | ios | L1 | L2 | | | update-pending |
| MASTG-TEST-0073 | Testing UIPasteboard | ios | L1 | L2 | | | deprecated |
| MASTG-TEST-0056 | Determining Whether Sensitive Data Is Exposed via IPC Mechanisms | ios | L1 | L2 | | | update-pending |
| MASTG-TEST-0078 | Determining Whether Native Methods Are Exposed Through WebViews | ios | L1 | L2 | | | update-pending |
| MASTG-TEST-0071 | Testing UIActivity Sharing | ios | L1 | L2 | | | update-pending |
| MASTG-TEST-0277 | Sensitive Data in the iOS General Pasteboard at Runtime | ios | | L2 | | | new |
| MASTG-TEST-0290 | Runtime Verification of Sensitive Content Exposure in Screenshots During App Backgrounding | ios | | L2 | | | new |
| MASTG-TEST-0077 | Testing WebView Protocol Handlers | ios | L1 | L2 | | | update-pending |
| MASTG-TEST-0079 | Testing Object Persistence | ios | L1 | L2 | | | update-pending |
| MASTG-TEST-0229 | Stack Canaries Not enabled | ios | | L2 | | | new |
| MASTG-TEST-0275 | Dependencies with Known Vulnerabilities in the App's SBOM | ios | L1 | L2 | | | new |
| MASTG-TEST-0273 | Identify Dependencies with Known Vulnerabilities by Scanning Dependency Managers Artifacts | ios | L1 | L2 | | | new |
| MASTG-TEST-0087 | Make Sure That Free Security Features Are Activated | ios | L1 | L2 | | | deprecated |
| MASTG-TEST-0085 | Checking for Weaknesses in Third Party Libraries | ios | L1 | L2 | | | deprecated |
| MASTG-TEST-0080 | Testing Enforced Updating | ios | | L2 | | | update-pending |
| MASTG-TEST-0230 | Automatic Reference Counting (ARC) not enabled | ios | | L2 | | | new |
| MASTG-TEST-0086 | Memory Corruption Bugs | ios | L1 | L2 | | | deprecated |
| MASTG-TEST-0228 | Position Independent Code (PIC) not Enabled | ios | | L2 | | | new |
| MASTG-TEST-0067 | Testing Endpoint Identity Verification | ios | L1 | L2 | | | update-pending |
| MASTG-TEST-0068 | Testing Custom Certificate Stores and Certificate Pinning | ios | | L2 | | | update-pending |
| MASTG-TEST-0066 | Testing the TLS Settings | ios | L1 | L2 | | | update-pending |
| MASTG-TEST-0065 | Testing Data Encryption on the Network | ios | L1 | L2 | | | update-pending |
| MASTG-TEST-0240 | Jailbreak Detection in Code | ios | | | R | | new |
| MASTG-TEST-0088 | Testing Jailbreak Detection | ios | | | R | | deprecated |
| MASTG-TEST-0246 | Runtime Use of Secure Screen Lock Detection APIs | ios | | L2 | | | new |
| MASTG-TEST-0081 | Making Sure that the App Is Properly Signed | ios | | | R | | deprecated |
| MASTG-TEST-0084 | Testing for Debugging Code and Verbose Error Logging | ios | | | R | | update-pending |
| MASTG-TEST-0093 | Testing Obfuscation | ios | | | R | | update-pending |
| MASTG-TEST-0248 | References to APIs for Detecting Secure Screen Lock | ios | | L2 | | | new |
| MASTG-TEST-0092 | Testing Emulator Detection | ios | | | R | | update-pending |
| MASTG-TEST-0082 | Testing whether the App is Debuggable | ios | | | R | | deprecated |
| MASTG-TEST-0090 | Testing File Integrity Checks | ios | | | R | | update-pending |
| MASTG-TEST-0083 | Testing for Debugging Symbols | ios | | | R | | deprecated |
| MASTG-TEST-0261 | Debuggable Entitlement Enabled in the entitlements.plist | ios | | | R | | new |
| MASTG-TEST-0241 | Runtime Use of Jailbreak Detection Techniques | ios | | | R | | new |
| MASTG-TEST-0219 | Testing for Debugging Symbols | ios | | | R | | new |
| MASTG-TEST-0089 | Testing Anti-Debugging Detection | ios | | | R | | update-pending |
| MASTG-TEST-0091 | Testing Reverse Engineering Tools Detection | ios | | | R | | update-pending |
| MASTG-TEST-0220 | Usage of Outdated Code Signature Format | ios | | | R | | new |
| MASTG-TEST-0270 | References to APIs Detecting Biometric Enrollment Changes | ios | | L2 | | | new |
| MASTG-TEST-0269 | Runtime Use Of APIs Allowing Fallback to Non-Biometric Authentication | ios | | L2 | | | new |
| MASTG-TEST-0268 | References to APIs Allowing Fallback to Non-Biometric Authentication | ios | | L2 | | | new |
| MASTG-TEST-0064 | Testing Biometric Authentication | ios | | L2 | | | deprecated |
| MASTG-TEST-0266 | References to APIs for Event-Bound Biometric Authentication | ios | | L2 | | | new |
| MASTG-TEST-0271 | Runtime Use Of APIs Detecting Biometric Enrollment Changes | ios | | L2 | | | new |
| MASTG-TEST-0267 | Runtime Use Of Event-Bound Biometric Authentication | ios | | L2 | | | new |
| MASTG-TEST-0211 | Broken Hashing Algorithms | ios | L1 | L2 | | | new |
| MASTG-TEST-0209 | Insufficient Key Sizes | ios | L1 | L2 | | | new |
| MASTG-TEST-0213 | Use of Hardcoded Cryptographic Keys in Code | ios | L1 | L2 | | | new |
| MASTG-TEST-0210 | Broken Symmetric Encryption Algorithms | ios | L1 | L2 | | | new |
| MASTG-TEST-0317 | Broken Symmetric Encryption Modes | ios | L1 | L2 | | | new |
| MASTG-TEST-0062 | Testing Key Management | ios | | L2 | | | deprecated |
| MASTG-TEST-0214 | Hardcoded Cryptographic Keys in Files | ios | L1 | L2 | | | new |
| MASTG-TEST-0063 | Testing Random Number Generation | ios | L1 | L2 | | | deprecated |
| MASTG-TEST-0061 | Verifying the Configuration of Cryptographic Standard Algorithms | ios | L1 | L2 | | | deprecated |
| MASTG-TEST-0311 | Insecure Random API Usage | ios | L1 | L2 | | | new |