MASVS-CRYPTO
Checklists Updated (June 2025)
The checklists now includeall MASTG tests, as well as updated mappings to the newMAS profiles.
| MASVS-ID | MASTG-TEST-ID | Control / MASTG Test | Platform | L1 | L2 | R | P | Status |
|---|---|---|---|---|---|---|---|---|
| MASVS-CRYPTO-1 | The app employs current strong cryptography and uses it according to industry best practices. | |||||||
| MASTG-TEST-0014 | Testing the Configuration of Cryptographic Standard Algorithms | platform:android | profile:L1 | profile:L2 | deprecatedstatus:deprecated | |||
| MASTG-TEST-0221 | Broken Symmetric Encryption Algorithms | platform:android | profile:L1 | profile:L2 | newstatus:new | |||
| MASTG-TEST-0310 | Runtime Use of Reused Initialization Vectors in Symmetric Encryption | platform:android | profile:L2 | placeholderstatus:placeholder | ||||
| MASTG-TEST-0016 | Testing Random Number Generation | platform:android | profile:L1 | profile:L2 | deprecatedstatus:deprecated | |||
| MASTG-TEST-0309 | References to Reused Initialization Vectors in Symmetric Encryption | platform:android | profile:L2 | placeholderstatus:placeholder | ||||
| MASTG-TEST-0312 | References to Explicit Security Provider in Cryptographic APIs | platform:android | profile:L1 | profile:L2 | newstatus:new | |||
| MASTG-TEST-0013 | Testing Symmetric Cryptography | platform:android | profile:L1 | profile:L2 | deprecatedstatus:deprecated | |||
| MASTG-TEST-0205 | Non-random Sources Usage | platform:android | profile:L1 | profile:L2 | newstatus:new | |||
| MASTG-TEST-0232 | Broken Symmetric Encryption Modes | platform:android | profile:L1 | profile:L2 | newstatus:new | |||
| MASTG-TEST-0204 | Insecure Random API Usage | platform:android | profile:L1 | profile:L2 | newstatus:new | |||
| MASTG-TEST-0211 | Broken Hashing Algorithms | platform:ios | profile:L1 | profile:L2 | newstatus:new | |||
| MASTG-TEST-0210 | Broken Symmetric Encryption Algorithms | platform:ios | profile:L1 | profile:L2 | newstatus:new | |||
| MASTG-TEST-0317 | Broken Symmetric Encryption Modes | platform:ios | profile:L1 | profile:L2 | newstatus:new | |||
| MASTG-TEST-0063 | Testing Random Number Generation | platform:ios | profile:L1 | profile:L2 | deprecatedstatus:deprecated | |||
| MASTG-TEST-0061 | Verifying the Configuration of Cryptographic Standard Algorithms | platform:ios | profile:L1 | profile:L2 | deprecatedstatus:deprecated | |||
| MASTG-TEST-0311 | Insecure Random API Usage | platform:ios | profile:L1 | profile:L2 | newstatus:new | |||
| MASVS-CRYPTO-2 | The app performs key management according to industry best practices. | |||||||
| MASTG-TEST-0308 | Runtime Use of Asymmetric Key Pairs Used For Multiple Purposes | platform:android | profile:L2 | newstatus:new | ||||
| MASTG-TEST-0212 | Use of Hardcoded Cryptographic Keys in Code | platform:android | profile:L1 | profile:L2 | newstatus:new | |||
| MASTG-TEST-0015 | Testing the Purposes of Keys | platform:android | profile:L2 | deprecatedstatus:deprecated | ||||
| MASTG-TEST-0307 | References to Asymmetric Key Pairs Used For Multiple Purposes | platform:android | profile:L2 | newstatus:new | ||||
| MASTG-TEST-0208 | Insufficient Key Sizes | platform:android | profile:L1 | profile:L2 | newstatus:new | |||
| MASTG-TEST-0209 | Insufficient Key Sizes | platform:ios | profile:L1 | profile:L2 | newstatus:new | |||
| MASTG-TEST-0213 | Use of Hardcoded Cryptographic Keys in Code | platform:ios | profile:L1 | profile:L2 | newstatus:new | |||
| MASTG-TEST-0062 | Testing Key Management | platform:ios | profile:L2 | deprecatedstatus:deprecated | ||||
| MASTG-TEST-0214 | Hardcoded Cryptographic Keys in Files | platform:ios | profile:L1 | profile:L2 | newstatus:new |