Mobile Application Security Assessment (MASA)
A comprehensive and standardized framework developed in collaboration between Leviathan Security Group and the App Defense Alliance (ADA) to assess and harden the security of mobile applications, based on the industry-recognized OWASP Mobile Application Security Verification Standard (MASVS).
Simplify Your Path to Compliance
Our simplified approach allows us to provide the most appropriate level of assurance for each application, depending on its user, scope, and context.
Offering a white-glove experience to our clients, Leviathan takes care of the pain points involved in the process and delivers clear and transparent results.
With Leviathan, you can trust us to handle your MASA audits with professionalism and efficiency.
No Rush
$2,000
Best for projects with flexible deadlines.
✔ Start your assessment within 30 days
✔ 1 round of retesting
Standard
$4,000
Aligns with standard project timelines, ensuring a timely security evaluation.
✔ Start your assessment within 10 days
✔ 1 round of retesting
Priority
$6,000
The fastest route for projects with imminent deadlines.
✔ Start your assessment within 2 days
✔ 1 round of retesting
Mobile Application Security Assessment (MASA) Benefits
Independent Security Review Badge
Signals to users that an independent third-party has validated that you have designed your apps to meet industry accepted mobile security and privacy best practices and that you are going the extra mile to identify and mitigate vulnerabilities.
App Validation Directory
Users also have the ability to “Learn More” about your app, which redirects them to the App Validation Directory, a centralized place to view all apps that have completed an independent security review.
Users can also discover additional technical assessment details in the App Validation Directory, helping them to make more informed decisions about what apps to download, use, and trust with their data.
Frequently Asked Questions (FAQs)
How do I know I need a mobile application security assessment?
MASA is a recommended program offered by Google to provide your app greater visibility within the Google Play Store.
What do I need to provide to have my app tested?
The only thing we need to proceed with our testing process is the link to your app’s listing on the Google Play Store.
We download the publicly available APK and conduct our testing from there.
How long does the entire testing process usually take?
In most cases, the entire process will take around two to three weeks to complete. This is highly dependent on how much time developers may require for implementing corrections to any high or critical vulnerabilities discovered during the testing process.
How often does an application need to be verified?
Apps that access restricted scopes are required to complete an assessment every twelve (12) months. The 12-month period is calculated from the effective date of the app’s previous Validation Letter.
What happens if you discover a vulnerability in an application?
All vulnerabilities discovered that are rated as “High” or “Critical” must be corrected before the final Validation Letter can be provided. Leviathan will work with you to provide recommendations on how to correct the issues discovered and will validate that the corrections were implemented properly.
Who submits the assessment results?
Once testing is completed for you app and all outstanding issues with high or critical severity have been corrected, Leviathan will submit your Validation Letter to Google.