This document is automatically generated at

V1.2-RC 5 October 2019 - Pre-release (English only)

The following changes are part of release 1.2:

  • Promoted to flagship status.

  • Requirement changed: MSTG-STORAGE-1 "need to be used".

  • Requirements MSTG-STORAGE-13, MSTG-STORAGE-14, and MSTG-STORAGE-15 are added with a focus on data protection.

  • Requirement MSTG-AUTH-11 is updated to preserve contextual information.

  • Requirement MSTG‑CODE‑4 is updated to cover more than just debugging.

  • Requirement MSTG‑PLATFORM‑10 added to further secure usage of WebViews.

  • Requirement MSTG‑AUTH‑12 added to remind developers of having authorizations implemented, especially in case of multi-user apps.

  • Added a little more description on how the MASVS should be used given a risk assessment.

  • Added a little more description on paid content.

  • Requirement MSTG‑ARCH‑11 added to include a Responsible Disclosure policy for L2 applications.

  • Requirement MSTG‑ARCH‑12 added to show application developers that relevant international privacy laws should be followed.

  • Created a consistent style for all references in the English version.

  • Requirement MSTG‑PLATFORM‑11 added to counter spying via third party keyboards.

  • Requirement MSTG-MSTG‑RESILIENCE‑13 added to impede eavesdropping at an application.

V1.1.4 4 July 2019 - Summit edition

The following changes are part of release 1.1.4:

  • Fix all markdown issues.

  • Updates in the French and Spanish translations.

  • Translated the changelog to Chinese (ZHTW) and Japanese.

  • Automated verification of the the markdown syntax and reachability of the URLs.

  • Added identification codes to the requirements, which will be included in the future version of the MSTG in order to find the recommendations and testcases easily.

  • Reduced the repo size and added Generated to the .gitignore.

  • Added a Code of Conduct & Contributing guidelines.

  • Added a Pull-Request template.

  • Updated the sync with the repo in use for hosting the Gitbook website.

  • Updated the scripts to generate XML/JSON/CSV for all the translations.

  • Translated the Foreword to Chinese (ZHTW).

V1.1.3 9 January 2019 - Small fixes

  • Fix translation issue of requirement 7.1 in the Spanish version

  • New setup of translators in acknowledgements

V1.1.2 3 January 2019 - Sponsorship and internationalization

The following changes are part of release 1.1.2:

  • Added thank you note for buyers of the e-book.

  • Added missing authentication link & updated broken authentication link in V4.

  • Fixed swap of 4.7 and 4.8 in English.

  • First international release!

    • Fixes in Spanish translation. Translation is now in sync with English (1.1.2).

    • Fixes in Russian translation. Translation is now in sync with English (1.1.2).

    • Added first release of Chinese (ZHTW) French, German, and Japanese!

  • Simplified document for ease of translation.

  • Added instructions for automated releases.

V1.1.0 14 July 2018

The following changes are part of release 1.1:

  • Requirement 2.6 "The clipboard is deactivated on text fields that may contain sensitive data." was removed.

  • Requirement 2.2 "No sensitive data should be stored outside of the app container or system credential storage facilities." was added.

  • Requirement 2.1 was reworded to "System credential storage facilities are used appropriately to store sensitive data, such as PII, user credentials or cryptographic keys.".

V1.0 12 January 2018

The following changes are part of release 1.0:

  • Delete 8.9 as the same as 8.12

  • Made 4.6 more generic

  • Minor fixes (typos etc.)