Mobile Application Security Assessment

Take your application security to the next level with MASA, a collaborative industry initiative.

Elevate your application security to a higher level with MASA L1

Through standards-based third-party security assessments, the goal is to ensure security in Google Play and the Android ecosystem while providing greater transparency to consumers.

Plan A

The best plan for large app review

$320 /app

5 App Analysis

1 Year Validity

1 Retest per app

Plan B

The perfect plan for medium app review

$360 /app

3 App Analysis

1 Year Validity

1 Retest per app

Plan C

The perfect plan for simple app review

$499 /app

1 App Analysis

1 Year Validity

1 Retest per app

Enjoy a 20% discount on your first purchase!


App Defense Alliance (ADA) Directory

Users also have the ability to “Learn More” about your app, which redirects them to the ADA directory, a centralized place to view all apps that have completed an independent security review. Users can also discover additional technical assessment details in the ADA directory, helping them to make more informed decisions about what apps to download, use, and trust with their data.


FAQ

MASA-L1 - Essential Security

MASA-L1 provides a baseline for the most fundamental security requirements and best practices that every mobile app should meet to protect against common threats.

This profile emphasizes adhering to secure defaults provided by the OS and frameworks and implementing well-recognized security measures considered 'essential'. These include, for example, using TLS or up-to-date strong cryptography. Certain tests are included due to their minimal implementation effort relative to their significant security enhancement.

MASA-L1 is recommended for:

  • All mobile apps as a baseline.
  • Apps that only deal with (user) low-risk sensitive data and do not contain sensitive functionality.

MASA-L2 - Advanced Security

MASA-L2 extends MAS-L1, introducing additional security measures and best practices for mobile apps to address advanced threats, requiring more rigorous threat modeling and testing strategies.

MASA-L2 is recommended for:

  • Apps that handle high-risk sensitive data and contain sensitive functionality.

Starting on the 20th of July 2022 you can either upload your APK File for pre-assessment in our system, identifying the key vulnerabilities and providing the opportunity to remedy these before the MASA.

If you successfully pass the assessment, you get a report and an issue letter. If you fail the assessment, you need to remedy the issues and redo the assessment.

Performing regular security testing for applications can help identify key vulnerabilities in apps and mitigate future liability. Google Play will allow developers who have gone through independent validation to showcase this on the data safety form.

Users can feel confident the apps have been vetted by external experts and have a higher assurance about the safety and security of those offerings.

OWASP and MASVS apply to any mobile app. This includes a variety of app categories including IoT, fitness/health, social, comms, VPN, productivity and many more.

The scope of the assessment consists of client-side security, authentication to the backend/cloud service, and connectivity to the backend/cloud service, looking at general security, cryptography, data storage, and some privacy best practices.

The assessment will review a subset of testable Level 1 MASVS requirements available on App Defense Alliance.

The certificate will be valid for one year. After that, a re-certification is required.