MASVS-CRYPTO

Checklists Updated (June 2025)

The checklists now include all MASTG tests, as well as updated mappings to the new MAS profiles.

MASVS-ID MASTG-TEST-ID Control / MASTG Test Platform L1 L2 R P Status
MASVS-CRYPTO-1 The app employs current strong cryptography and uses it according to industry best practices.
MASTG-TEST-0205MASTG-TEST-0205 Non-random Sources Usage platform:android profile:L1 profile:L2 newstatus:new
MASTG-TEST-0013MASTG-TEST-0013 Testing Symmetric Cryptography platform:android profile:L1 profile:L2 deprecatedstatus:deprecated
MASTG-TEST-0204MASTG-TEST-0204 Insecure Random API Usage platform:android profile:L1 profile:L2 newstatus:new
MASTG-TEST-0014MASTG-TEST-0014 Testing the Configuration of Cryptographic Standard Algorithms platform:android profile:L1 profile:L2 update-pendingstatus:update-pending
MASTG-TEST-0221MASTG-TEST-0221 Weak Symmetric Encryption Algorithms platform:android profile:L1 profile:L2 newstatus:new
MASTG-TEST-0232MASTG-TEST-0232 Weak Symmetric Encryption Modes platform:android profile:L1 profile:L2 newstatus:new
MASTG-TEST-0016MASTG-TEST-0016 Testing Random Number Generation platform:android profile:L1 profile:L2 deprecatedstatus:deprecated
MASTG-TEST-0211MASTG-TEST-0211 Weak Hashing Algorithms platform:ios profile:L1 profile:L2 newstatus:new
MASTG-TEST-0061MASTG-TEST-0061 Verifying the Configuration of Cryptographic Standard Algorithms platform:ios profile:L1 profile:L2 deprecatedstatus:deprecated
MASTG-TEST-0210MASTG-TEST-0210 Weak Encryption Algorithms platform:ios profile:L1 profile:L2 newstatus:new
MASTG-TEST-0063MASTG-TEST-0063 Testing Random Number Generation platform:ios profile:L1 profile:L2 update-pendingstatus:update-pending
MASVS-CRYPTO-2 The app performs key management according to industry best practices.
MASTG-TEST-0208MASTG-TEST-0208 Inappropriate Key Sizes platform:android profile:L1 profile:L2 newstatus:new
MASTG-TEST-0015MASTG-TEST-0015 Testing the Purposes of Keys platform:android profile:L2 update-pendingstatus:update-pending
MASTG-TEST-0212MASTG-TEST-0212 Use of Hardcoded Cryptographic Keys in Code platform:android profile:L1 profile:L2 newstatus:new
MASTG-TEST-0209MASTG-TEST-0209 Inappropriate Key Sizes platform:ios profile:L1 profile:L2 newstatus:new
MASTG-TEST-0213MASTG-TEST-0213 Use of Hardcoded Cryptographic Keys in Code platform:ios profile:L1 profile:L2 newstatus:new
MASTG-TEST-0062MASTG-TEST-0062 Testing Key Management platform:ios profile:L2 deprecatedstatus:deprecated
MASTG-TEST-0214MASTG-TEST-0214 Hardcoded Cryptographic Keys in Files platform:ios profile:L1 profile:L2 newstatus:new