MASA Program Introduction

Written By Matt Harrigan

Leviathan is excited to announce our new Mobile Application Security Assessment (MASA) portal and service that allow Android App developers to quickly engage and complete MASA assessments and be certified within the Google Play Store.

MASA is a new set of guidelines introduced by the App Defense Alliance and used by Google to allow Android App developers to complete an independent security review that will be visible within the Google Play Store app page.

MASA is based on a subset of controls taken from the OWASP Mobile Application Security Verification Standard (MASVS). Assessments are completed against these controls to ensure a baseline security posture of the application. Once the app passes all tests, a letter of assessment is submitted to Google, and then the developer can showcase the security badge in the app data safety section.

How MASA with
Leviathan Security Works
Create
a MASA Account
Decide
on a Plan
Complete
the Assessment
Display Independent Security Verification
in Google Play

Get started today: themasa.io

Overview

Leviathan’s MASA program helps developers gain user trust by making your security and privacy controls transparent. Here’s how our MASA platform differs from our competitors:

Transparency of execution and timelines enables smooth integration of the MASA certification with your internal development and release planning. Different assessment plans are available to fit your needs. They are designed to accommodate your timelines without impacting quality and at the same time increasing your operational reliability.
Meaningful advice from our experts, based on well-structured requirements, makes remediation simple and fast. Retesting is included in the assessment plan.
Automated portal reduces communication efforts and makes collaboration effective and focused on finding the best solutions.
Security Badge in the Data Safety Section makes your application attractive and trustworthy for users and states compliance to MASA requirements.
SLA-based pricing provides affordable balance between time and price for application developers and matching release plans.

Testing Approach

For the MASA Program, our testing methodology includes both manual and automated methods to ensure that all controls defined by App Defense Alliance are present and working.

The scope includes a general overview of all communication streams, authentication, and client-side controls.The assessment is performed across six categories of MASVS Level 1, covering each angle of the app's functionality:

  • Data Storage and Privacy

  • Cryptography

  • Authentication and Session Management

  • Network Communication

  • Platform Interaction

  • Code Quality and Build Setting

Complete your assessment as quickly as three days through our portal: themasa.io

Matt Harrigan
Previous

Attacking Go's Lagged Fibonacci Generator
Next

Mobile Platform Scam and Phishing Prevention - Competitive Security Feature Review