MASVS-PLATFORM
Checklists Updated (June 2025)
The checklists now include all MASTG tests, as well as updated mappings to the new MAS profiles.
| MASVS-ID | MASTG-TEST-ID | Control / MASTG Test | Platform | L1 | L2 | R | P | Status |
|---|---|---|---|---|---|---|---|---|
| MASVS-PLATFORM-1 | | The app uses IPC mechanisms securely. | | | | | | |
| | MASTG-TEST-0028 | Testing Deep Links | platform:android | profile:L1 | profile:L2 | | | status:update-pending |
| | MASTG-TEST-0007 | Determining Whether Sensitive Stored Data Has Been Exposed via IPC Mechanisms | platform:android | profile:L1 | profile:L2 | | | status:update-pending |
| | MASTG-TEST-0029 | Testing for Sensitive Functionality Exposure Through IPC | platform:android | profile:L1 | profile:L2 | | | status:update-pending |
| | MASTG-TEST-0024 | Testing for App Permissions | platform:android | profile:L1 | profile:L2 | | | status:deprecated |
| | MASTG-TEST-0030 | Testing for Vulnerable Implementation of PendingIntent | platform:android | profile:L1 | profile:L2 | | | status:update-pending |
| | MASTG-TEST-0069 | Testing App Permissions | platform:ios | profile:L1 | profile:L2 | | | status:update-pending |
| | MASTG-TEST-0072 | Testing App Extensions | platform:ios | profile:L1 | profile:L2 | | | status:update-pending |
| | MASTG-TEST-0070 | Testing Universal Links | platform:ios | profile:L1 | profile:L2 | | | status:update-pending |
| | MASTG-TEST-0075 | Testing Custom URL Schemes | platform:ios | profile:L1 | profile:L2 | | | status:update-pending |
| | MASTG-TEST-0073 | Testing UIPasteboard | platform:ios | profile:L1 | profile:L2 | | | status:deprecated |
| | MASTG-TEST-0056 | Determining Whether Sensitive Data Is Exposed via IPC Mechanisms | platform:ios | profile:L1 | profile:L2 | | | status:update-pending |
| | MASTG-TEST-0071 | Testing UIActivity Sharing | platform:ios | profile:L1 | profile:L2 | | | status:update-pending |
| MASVS-PLATFORM-2 | | The app uses WebViews securely. | | | | | | |
| | MASTG-TEST-0033 | Testing for Java Objects Exposed Through WebViews | platform:android | profile:L1 | profile:L2 | | | status:update-pending |
| | MASTG-TEST-0037 | Testing WebViews Cleanup | platform:android | | profile:L2 | | | status:update-pending |
| | MASTG-TEST-0250 | References to Content Provider Access in WebViews | platform:android | profile:L1 | profile:L2 | | | status:new |
| | MASTG-TEST-0251 | Runtime Use of Content Provider Access APIs in WebViews | platform:android | profile:L1 | profile:L2 | | | status:new |
| | MASTG-TEST-0252 | References to Local File Access in WebViews | platform:android | profile:L1 | profile:L2 | | | status:new |
| | MASTG-TEST-0253 | Runtime Use of Local File Access APIs in WebViews | platform:android | profile:L1 | profile:L2 | | | status:new |
| | MASTG-TEST-0031 | Testing JavaScript Execution in WebViews | platform:android | profile:L1 | profile:L2 | | | status:deprecated |
| | MASTG-TEST-0032 | Testing WebView Protocol Handlers | platform:android | profile:L1 | profile:L2 | | | status:deprecated |
| | MASTG-TEST-0076 | Testing iOS WebViews | platform:ios | profile:L1 | profile:L2 | | | status:update-pending |
| | MASTG-TEST-0078 | Determining Whether Native Methods Are Exposed Through WebViews | platform:ios | profile:L1 | profile:L2 | | | status:update-pending |
| | MASTG-TEST-0077 | Testing WebView Protocol Handlers | platform:ios | profile:L1 | profile:L2 | | | status:update-pending |
| MASVS-PLATFORM-3 | | The app uses the user interface securely. | | | | | | |
| | MASTG-TEST-0008 | Checking for Sensitive Data Disclosure Through the User Interface | platform:android | | profile:L2 | | | status:deprecated |
| | MASTG-TEST-0289 | Runtime Verification of Sensitive Content Exposure in Screenshots During App Backgrounding | platform:android | | profile:L2 | | | status:new |
| | MASTG-TEST-0291 | References to Screen Capturing Prevention APIs | platform:android | | profile:L2 | | | status:new |
| | MASTG-TEST-0315 | Sensitive Data Exposed via Notifications | platform:android | | profile:L2 | | | status:new |
| | MASTG-TEST-0293 | setSecure Not Used to Prevent Screenshots in SurfaceViews | platform:android | | profile:L2 | | | status:placeholder |
| | MASTG-TEST-0294 | SecureOn Not Used to Prevent Screenshots in Compose Dialogs | platform:android | | profile:L2 | | | status:placeholder |
| | MASTG-TEST-0010 | Finding Sensitive Information in Auto-Generated Screenshots | platform:android | | profile:L2 | | | status:deprecated |
| | MASTG-TEST-0316 | App Exposing User Authentication Data in Text Input Fields | platform:android | | profile:L2 | | | status:new |
| | MASTG-TEST-0035 | Testing for Overlay Attacks | platform:android | | profile:L2 | | | status:update-pending |
| | MASTG-TEST-0258 | References to Keyboard Caching Attributes in UI Elements | platform:android | | profile:L2 | | | status:new |
| | MASTG-TEST-0292 | setRecentsScreenshotEnabled Not Used to Prevent Screenshots When Backgrounded | platform:android | | profile:L2 | | | status:placeholder |
| | MASTG-TEST-0314 | Runtime Monitoring of Text Fields Eligible for Keyboard Caching | platform:ios | | profile:L2 | | | status:new |
| | MASTG-TEST-0313 | References to APIs for Preventing Keyboard Caching of Text Fields | platform:ios | | profile:L2 | | | status:new |
| | MASTG-TEST-0276 | Use of the iOS General Pasteboard | platform:ios | | profile:L2 | | | status:new |
| | MASTG-TEST-0279 | Pasteboard Contents Not Expiring | platform:ios | | profile:L2 | | | status:new |
| | MASTG-TEST-0059 | Testing Auto-Generated Screenshots for Sensitive Information | platform:ios | | profile:L2 | | | status:deprecated |
| | MASTG-TEST-0278 | Pasteboard Contents Not Cleared After Use | platform:ios | | profile:L2 | | | status:new |
| | MASTG-TEST-0280 | Pasteboard Contents Not Restricted to Local Device | platform:ios | | profile:L2 | | | status:new |
| | MASTG-TEST-0057 | Checking for Sensitive Data Disclosed Through the User Interface | platform:ios | | profile:L2 | | | status:update-pending |
| | MASTG-TEST-0277 | Sensitive Data in the iOS General Pasteboard at Runtime | platform:ios | | profile:L2 | | | status:new |
| | MASTG-TEST-0290 | Runtime Verification of Sensitive Content Exposure in Screenshots During App Backgrounding | platform:ios | | profile:L2 | | | status:new |