Welcome to the Mobile Application Security Verification Standard (MASVS). The MASVS is a community effort to establish a framework of security requirements needed to design, develop and test secure mobile apps on iOS and Android.

The MASVS is a culmination of community effort and industry feedback. We expect this standard to evolve over time and welcome feedback from the community.

The best way to get in contact with us is via the OWASP Mobile Project Slack channel: .

Accounts can be created at the following URL:

Copyright © 2021 The OWASP Foundation. This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License. For any reuse or distribution, you must make clear to others the license terms of this work.


Project LeadLead AuthorContributors and Reviewers

Sven Schleier and Carlos Holguera

Bernhard Mueller, Sven Schleier, Jeroen Willemsen and Carlos Holguera

Alexander Antukh, Mesheryakov Aleksey, Elderov Ali, Bachevsky Artem, Jeroen Beckers, Jon-Anthoney de Boer, Damien Clochard, Ben Cheney, Will Chilcutt, Stephen Corbiaux, Manuel Delgado, Ratchenko Denis, Ryan Dewhurst, @empty_jack, Ben Gardiner, Anton Glezman, Josh Grossman, Sjoerd Langkemper, Vinícius Henrique Marangoni, Martin Marsicano, Roberto Martelloni, @PierrickV, Julia Potapenko, Andrew Orobator, Mehrad Rafii, Javier Ruiz, Abhinav Sejpal, Stefaan Seys, Yogesh Sharma, Prabhant Singh, Nikhil Soni, Anant Shrivastava, Francesco Stillavato, Abdessamad Temmar, Pauchard Thomas, Lukasz Wierzbicki

LanguageTranslators & Reviewers

Brazilian Portuguese

Mateus Polastro, Humberto Junior, Rodrigo Araujo, Maurício Ariza, Fernando Galves

Chinese (Traditonal)

Peter Chi, Lex Chien, Henry Hu, Leo Wang

Chinese (Simplified)

Bob Peng, Harold Zang, Jack S


Romuald Szkudlarek, Abderrahmane Aftahi, Christian Dong (Review)


Rocco Gränitz, Sven Schleier (Review)


Mukesh Sharma, Ritesh Kumar, Kunwar Atul Singh, Parag Dave, Devendra Kumar Sinha, Vikrant Shah


Koki Takeyama, Riotaro Okada (Review)


Youngjae Jeon, Jeongwon Cho, Jiyou Han, Jiyeon Sung


Hamed Salimian, Ramin Atefinia, Dorna Azhirak, Bardiya Akbari, Mahsa Omidvar, Alireza Mazhari, Milad Khoshdel


Ana Filipa Mota, Fernando Nogueira, Filipa Gomes, Luis Fontes, Sónia Dias


Gall Maxim, Eugen Martynov, Chelnokov Vladislav (Review), Oprya Egor (Review), Tereshin Dmitry (Review)


Martin Marsicano, Carlos Holguera

This document started as a fork of the OWASP Application Security Verification Standard written by Jim Manico.


While both the MASVS and the MSTG are created and maintained by the community on a voluntary basis, sometimes a little bit of outside help is required. We therefore thank our donators for providing the funds to be able to hire technical editors. Note that their donation does not influence the content of the MASVS or MSTG in any way. The Donation Packages are described on the OWASP Project Wiki.

We would like to thank everybody that bought the book from Leanpub and sponsored us that way.

Last updated