MASVS-STORAGE
Checklists Updated (June 2025)
The checklists now include all MASTG tests, as well as updated mappings to the new MAS profiles.
| MASVS-ID | MASTG-TEST-ID | Control / MASTG Test | Platform | L1 | L2 | R | P | Status |
|---|---|---|---|---|---|---|---|---|
| MASVS-STORAGE-1 | | The app securely stores sensitive data. | | | | | | |
| | MASTG-TEST-0207 | Runtime Storage of Unencrypted Data in the App Sandbox | android | | L2 | | | new |
| | MASTG-TEST-0012 | Testing the Device-Access-Security Policy | android | | L2 | | | deprecated |
| | MASTG-TEST-0304 | Sensitive Data Stored Unencrypted via SQLite | android | L1 | L2 | | | placeholder |
| | MASTG-TEST-0200 | Files Written to External Storage | android | L1 | L2 | | | new |
| | MASTG-TEST-0287 | Sensitive Data Stored Unencrypted via the SharedPreferences API to the App Sandbox | android | L1 | L2 | | | placeholder |
| | MASTG-TEST-0306 | Sensitive Data Stored Unencrypted via Android Room DB | android | L1 | L2 | | | placeholder |
| | MASTG-TEST-0201 | Runtime Use of APIs to Access External Storage | android | L1 | L2 | | | new |
| | MASTG-TEST-0305 | Sensitive Data Stored Unencrypted via DataStore | android | L1 | L2 | | | placeholder |
| | MASTG-TEST-0001 | Testing Local Storage for Sensitive Data | android | L1 | L2 | | | deprecated |
| | MASTG-TEST-0202 | References to APIs and Permissions for Accessing External Storage | android | L1 | L2 | | | new |
| | MASTG-TEST-0301 | Runtime Use of APIs for Storing Unencrypted Data in Private Storage | ios | | L2 | | | new |
| | MASTG-TEST-0300 | References to APIs for Storing Unencrypted Data in Private Storage | ios | | L2 | | | new |
| | MASTG-TEST-0052 | Testing Local Data Storage | ios | L1 | L2 | | | deprecated |
| | MASTG-TEST-0303 | References to APIs for Storing Unencrypted Data in Shared Storage | ios | L1 | L2 | | | new |
| | MASTG-TEST-0302 | Sensitive Data Unencrypted in Private Storage Files | ios | | L2 | | | new |
| | MASTG-TEST-0299 | Data Protection Classes for Files in Private Storage | ios | L1 | | | | new |
| MASVS-STORAGE-2 | | The app prevents leakage of sensitive data. | | | | | | |
| | MASTG-TEST-0231 | References to Logging APIs | android | L1 | L2 | | P | new |
| | MASTG-TEST-0006 | Determining Whether the Keyboard Cache Is Disabled for Text Input Fields | android | L1 | L2 | | | deprecated |
| | MASTG-TEST-0004 | Determining Whether Sensitive Data Is Shared with Third Parties via Embedded Services | android | L1 | L2 | | | update-pending |
| | MASTG-TEST-0003 | Testing Logs for Sensitive Data | android | L1 | L2 | | | deprecated |
| | MASTG-TEST-0262 | References to Backup Configurations Not Excluding Sensitive Data | android | L1 | L2 | | P | new |
| | MASTG-TEST-0009 | Testing Backups for Sensitive Data | android | L1 | L2 | | | deprecated |
| | MASTG-TEST-0005 | Determining Whether Sensitive Data Is Shared with Third Parties via Notifications | android | L1 | L2 | | | deprecated |
| | MASTG-TEST-0203 | Runtime Use of Logging APIs | android | L1 | L2 | | P | new |
| | MASTG-TEST-0216 | Sensitive Data Not Excluded From Backup | android | L1 | L2 | | P | new |
| | MASTG-TEST-0011 | Testing Memory for Sensitive Data | android | | L2 | | | deprecated |
| | MASTG-TEST-0060 | Testing Memory for Sensitive Data | ios | | L2 | | | deprecated |
| | MASTG-TEST-0058 | Testing Backups for Sensitive Data | ios | L1 | L2 | | | deprecated |
| | MASTG-TEST-0297 | Insertion of Sensitive Data into Logs | ios | L1 | L2 | | | new |
| | MASTG-TEST-0215 | Sensitive Data Not Marked For Backup Exclusion | ios | L1 | L2 | | P | new |
| | MASTG-TEST-0053 | Checking Logs for Sensitive Data | ios | L1 | L2 | | | deprecated |
| | MASTG-TEST-0054 | Determining Whether Sensitive Data Is Shared with Third Parties | ios | L1 | L2 | | | deprecated |
| | MASTG-TEST-0055 | Finding Sensitive Data in the Keyboard Cache | ios | L1 | L2 | | | deprecated |
| | MASTG-TEST-0298 | Runtime Monitoring of Files Eligible for Backup | ios | L1 | L2 | | P | new |
| | MASTG-TEST-0296 | Sensitive Data Exposure Through Insecure Logging | ios | L1 | L2 | | | new |