MASA
A trusted security standard for mobile applications
MASA sets a baseline of testable security requirements, with independent validation against a common standard.
OVERVIEW
MASA gives developers a consistent, testable standard for securing mobile applications and defines a baseline set of security requirements with clear acceptance criteria.
Mobile applications handle sensitive user data and are a frequent target for attackers. MASA focuses on the requirements that reduce the vulnerabilities most likely to put data at risk.
The standard builds on the OWASP Mobile Application Security Verification Standard (MASVS) and its companion testing guide, with an emphasis on testable requirements.
Program Benefits
Common standard
Developers work from a single set of requirements across mobile operating systems.
Independent evaluation
Apps are assessed by an Authorized Lab against a common standard.
Built on open standards
Requirements are grounded in the OWASP MASVS and its companion testing guide.
Certification Requirements
Every application is measured against the same set of control groups, drawn from the OWASP MASVS. For an application to be MASA-certified, the developer must meet all requirements applicable to their app.
Storage
Securely storing sensitive data and preventing unintentional leaks
Cryptography
Using strong cryptography and managing keys according to best practices
Authentication and Authorization
Following secure authentication and authorization protocols
Network
Securing all network traffic according to current best practices
Platform
Using IPC mechanisms, WebViews, and the user interface securely
Code
Requiring an up-to-date platform, avoiding known vulnerable components, and validating untrusted inputs
Resilience
Implementing protections against tampering, static analysis, and dynamic analysis
Privacy
Minimizing data access, being transparent about collection, and giving users control over their data
Certification Validity
MASA certification is valid for 365 days from the date of issue. See Certification for how validity, renewal, and revocation work across all Alliance programs.
Get Certified
MASA certification is handled through the Alliance's authorized labs, with the depth of review set by your assurance level. The Certify your app page walks through the full process.