Mobile Application Security Assessment

Enhance Your Mobile Application Security

MASA

Ensuring robust mobile application security is crucial in today's digital landscape. Mobile Application Security Assessment (MASA) is an industry-led collaboration to improve application security through third-party security assessments based on industry standards. The goal is to ensure the security of Google Play and the Android ecosystem and provide greater transparency to consumers.
As one of five authorized partners from the App Defense Alliance (ADA), DEKRA conducts thorough mobile app security assessments to ensure your applications meet robust security standards.

MASA Level 1: Essential Security

MASA L1 focuses on essential security controls, providing a baseline for the security best practices that every mobile app should meet to protect against common threats, regardless of their functionality or the sensitivity of the data handled.
The goal of MASA L1 is to ensure a baseline level of security in order to prevent commonly seen vulnerabilities. DEKRA, as an accredited lab, emphasizes adhering to the secure defaults provided by the OS and frameworks and implementing well-recognized security measures considered “fundamental”. These include using TLS or up-to-date strong cryptography. Note that certain tests are included because they require minimal implementation effort relative to the significant security enhancement they provide.
MASA L1 is recommended for:
  • All mobile apps as a baseline.
  • Apps that only deal with (user) low-risk sensitive data and do not contain sensitive functionality.

App Defense Alliance (ADA) Directory

Users also have the ability to “Learn More” about your app, which redirects them to the ADA directory, a centralized place to view all apps that have completed an independent security review. Users can also discover additional technical assessment details in the ADA directory, helping them to make more informed decisions about what apps to download, use, and trust with their data.

MASA Level 2: Advanced Security

MASA L2 extends MASA L1 by introducing additional security measures and controls for mobile applications that exceed standard requirements to address advanced threats.
The goal of MASA L2 is to offer more thorough protection against sophisticated cyber-attacks, focusing especially on areas such as data validation, authentication and session management, and high-level cryptographic standards, among others. MASA L2 requires more rigorous threat modeling and testing strategies, as these controls are designed to offer a higher level of protection for applications that deal with sensitive data and to mitigate risks.
MASA L2 is recommended for:
  • Mobile applications that handle high-risk sensitive data and contain sensitive functionality.

Mobile Application Security Assessment Key Benefits

  • Security Badge in the Data Safety Section (Level 2)
  • Increased trust and transparency for users
  • Enhanced operational efficiency and reduced risks

The Importance of Mobile App Security

In today's digital era, mobile apps are essential for day-to-day activities but constantly face various threats. Vulnerabilities can lead to data breaches that damage business operations, reputation, and financial stability.
MASA addresses these challenges with evaluations based on industry standards, ensuring:
  • Enhanced protection against cyber threats
  • Improved compliance with security regulations
By adhering to MASA standards, developers can demonstrate their commitment to security, making their apps more appealing and trustworthy to users. As a Google Authorized Lab for MASA, DEKRA has conducted the most evaluations to date.

Our Approach to MASA

Ready to secure your mobile applications?
Reach out to us through our contact form to learn more about the benefits of DEKRA's Mobile Application Security Assessment.

Common Questions about Mobile Application Security Assessment

Starting on the 20th of July 2022 you can either upload your APK File for pre-assessment in our system, identifying the key vulnerabilities and providing the opportunity to remedy these before the MASA. If you successfully pass the assessment, you get a report and an issue letter. If you fail the assessment you need to remedy the issues and re-do the assessment.
Performing regular security testing for applications can help identify key vulnerabilities in apps and mitigate future liability. Google Play will allow developers who have gone through independent validation to showcase this on the data safety form.
Users can feel confident the apps have been vetted by external experts and have a higher assurance about the safety and security of those offerings.
OWASP and MASVS apply to any mobile app. This includes a variety of app categories including IoT, fitness/health, social, comms, VPN, productivity and many more.
The scope of the assessment consists of client-side security, authentication to the backend/cloud service, and connectivity to the backend/cloud service looking at general security, cryptography, data storage and some privacy best practices.
The assessment will review a subset of testable Level 1 MASVS requirements available on App Defense Alliance.
The certificate will be valid for one year. After that, a re-certification is required.
The assessment costs between $3-6K depending on the complexity of the app for MASA L2.
Once the necessary paperwork is completed, the assessment can be expected within ten days. Timeframes for completion also vary depending on the ability to implement the changes.