  • Independent third-party validation
  • Identify key vulnerabilities
  • Highest commitment to security and privacy
  • Actively shape the safety of the Android ecosystem

What is MASA?

Mobile Application Security Assessment (MASA) is an industry-led collaboration to improve application security through third-party security assessments based on industry standards. The goal is to ensure safety in Google Play and the Android ecosystem and to provide more transparency to consumers.

MASA – The Assessment

As one of five partners authorised by the ADA (App Defense Alliance), DEKRA will conduct security assessments for Google partners and app developers. Achieving the assessment includes the following steps:

Your Benefits

A security assessment reduces risks, identifies and tests potential vulnerabilities, and examines software to ensure that an application is safe and meets adequate security compliance. Additional benefits are:

  • Showcase the passed assessment in the form of a Security Badge in the Data Safety Section of the app description
  • Provide more trust and transparency to your users about your commitment to security and privacy
  • Increase operational efficiency, address compliance requirements, and reduce risks
  • Through MASA, Google will recognize developers who have had their applications independently validated against a set of MASVS Level 1 requirements.

Does your application meet the required security standards?

Simply test it with our free pre-assessment.

Starting on the 20th of July 2022, you can either upload your APK file for pre-assessment in our system, which identifies the key vulnerabilities and gives you the opportunity to remedy them before the MASA, or perform the MASA directly. If you pass the assessment, you get a report and an issue letter. If you fail the assessment, you need to remedy the issues and redo the assessment.

The pre-assessment helps you to identify potential vulnerabilities within your app before the actual MASA and thereby provides the opportunity to remedy them. Performing the pre-assessment upfront therefore saves you time and money.

Performing regular security testing for applications can help to identify key vulnerabilities in apps and mitigate future liability. Google Play will allow developers who have gone through independent validation to showcase this on the data safety form.

Users can feel confident the apps have been vetted by external experts and have a higher assurance about the safety and security of those offerings.

OWASP and MASVS are applicable to any mobile app. This covers a variety of app categories, including IoT, fitness/health, social, comms, VPN, productivity and many more.

The scope of the assessment consists of client-side security, authentication to the backend/cloud service, and connectivity to the backend/cloud service, looking at general security and some privacy best practices.

The assessment will review a subset of testable Level 1 MASVS requirements available on GitHub.

The certificate will be valid for one year. After that, a re-certification is required.

The assessment costs between $3-6K depending on the complexity of the app.

Once the necessary paperwork is completed, the assessment can be expected within ten days. Timeframes for completion also vary depending on the ability to implement the changes.

MASA is intended to provide more transparency into the app’s security architecture; however, the limited nature of testing does not guarantee complete safety of the application. This independent review may not be scoped to verify the accuracy and completeness of a developer’s data safety declarations. Developers remain solely responsible for making complete and accurate declarations in the app’s Play store listing.
