Mobile Application Security Assessment

Overview

Investing in mobile security is critical to ensure app safety for Google Play's billions of users. OWASP (the Open Web Application Security Project) has established itself as a highly respected industry standard for mobile application security. Their published set of security requirements, Mobile Application Security Verification Standard (MASVS) provides a set of baseline security criteria for developers. Along with their published set of testing criteria, MSTG (Mobile Security Testing Guide), OWASP offers an objective means for developers to have their apps evaluated against a common standard. Developers can work directly with a Google Authorized Lab partner to initiate the security assessment. Through MASA, Google will recognize developers who have had their applications independently validated against a set of MASVS Level 1 requirements.

CASA framework
Figure 1: MASA framework

Benefits

Performing regular security testing can help developers identify key vulnerabilities in their apps. Google Play will allow developers who have completed independent validation to showcase this on their Data safety section. This helps users feel more confident about an app's commitment to security and privacy.

How it works

Google is working with a small group of developers to capture their feedback as we evolve the program. If you are a developer and interested in participating, please complete this form. Our team will reach out with more information once the program becomes more widely available. To proactively get your app in good shape ahead of an independent security review, we recommend you review our Github page for additional information.

Disclaimer

MASA is intended to provide more transparency into the app's security architecture, however the limited nature of testing does not guarantee complete safety of the application. This independent review may not be scoped to verify the accuracy and completeness of a developer's Data safety declarations. Developers remain solely responsible for making complete and accurate declarations in their app's Play store listing.

FAQs

Click here to learn more about MASA and see answers to common questions.

Our partners

Google is onboarding a set of Authorized Labs to perform the app assessments. All the Authorized Labs provide comprehensive security testing and offer developers the means to obtain certification against published standards. If you are interested in becoming a lab partner, please submit the form here with your company details.