For MASA AL1, the lab will test the public version of the app (available in the Play Store) using automation tooling and provide a questionnaire for developers to self-attest to a subset of MASA requirements. Upon meeting all requirements, the lab sends a Validation Report to Google as confirmation. The process typically takes 2-3 days.
Process:
Initiation
Contact an Authorized Lab. Collaborate with the lab to finalize funding arrangements and complete any required paperwork. The developer will then complete a self-attestation form confirming MASA requirements using a "Yes, No, N/A" format. Upon completion, the lab will allocate resources and begin the assessment.
Scan
The lab conducts a static scan with specialized tools to identify security vulnerabilities, then provides a testing report to the developer. The developer submits evidence for questions requiring further information.
Upon completion of the evaluation, one of these scenarios is possible:
- No issues found: The developer can move on to the completion step.
- Remediation: If any issues are found, the lab will provide a test report directly to the developer with remediation suggestions. The developer has 60 days from the date of the test report to address any identified issues.
Completion
The lab issues a validation report to Google confirming that the app meets the security requirements. The application is listed in the ADA Directory. The developer will not be able to display the Independent Security Review badge.
Click here to learn more about MASA and see answers to common questions.