V1.2 - 7 March 2020 - International Release

The following changes are part of release 1.2:

  • Translation in simplified Chinese of the MASVS available.

  • Change of title in MASVS book cover.

  • Removed Mobile Top 10 and CWE from MSTG and merged to existing references in MASVS.

V1.2-RC - 5 October 2019 - Pre-release (English only)

The following changes are part of pre-release 1.2:

  • Promoted to flagship status.

  • Requirement changed: MSTG-STORAGE-1 "need to be used".

  • Requirements MSTG-STORAGE-13, MSTG-STORAGE-14, and MSTG-STORAGE-15 are added with a focus on data protection.

  • Requirement MSTG-AUTH-11 is updated to preserve contextual information.

  • Requirement MSTG-CODE-4 is updated to cover more than just debugging.

  • Requirement MSTG-PLATFORM-10 added to further secure usage of WebViews.

  • Requirement MSTG-AUTH-12 added to remind developers of having authorizations implemented, especially in case of multi-user apps.

  • Added a little more description on how the MASVS should be used given a risk assessment.

  • Added a little more description on paid content.

  • Requirement MSTG-ARCH-11 added to include a Responsible Disclosure policy for L2 applications.

  • Requirement MSTG-ARCH-12 added to show application developers that relevant international privacy laws should be followed.

  • Created a consistent style for all references in the English version.

  • Requirement MSTG-PLATFORM-11 added to counter spying via third party keyboards.

  • Requirement MSTG-MSTG-RESILIENCE-13 added to impede eavesdropping at an application.

V1.1.4 - 4 July 2019 - Summit edition

The following changes are part of release 1.1.4:

  • Fix all markdown issues.

  • Updates in the French and Spanish translations.

  • Translated the changelog to Chinese (ZHTW) and Japanese.

  • Automated verification of the the markdown syntax and reachability of the URLs.

  • Added identification codes to the requirements, which will be included in the future version of the MSTG in order to find the recommendations and testcases easily.

  • Reduced the repo size and added Generated to the .gitignore.

  • Added a Code of Conduct & Contributing guidelines.

  • Added a Pull-Request template.

  • Updated the sync with the repo in use for hosting the Gitbook website.

  • Updated the scripts to generate XML/JSON/CSV for all the translations.

  • Translated the Foreword to Chinese (ZHTW).

V1.1.3 - 9 January 2019 - Small fixes

  • Fix translation issue of requirement 7.1 in the Spanish version

  • New setup of translators in acknowledgements

V1.1.2 - 3 January 2019 - Sponsorship and internationalization

The following changes are part of release 1.1.2:

  • Added thank you note for buyers of the e-book.

  • Added missing authentication link & updated broken authentication link in V4.

  • Fixed swap of 4.7 and 4.8 in English.

  • First international release!

    • Fixes in Spanish translation. Translation is now in sync with English (1.1.2).

    • Fixes in Russian translation. Translation is now in sync with English (1.1.2).

    • Added first release of Chinese (ZHTW) French, German, and Japanese!

  • Simplified document for ease of translation.

  • Added instructions for automated releases.

V1.1.0 - 14 July 2018

The following changes are part of release 1.1:

  • Requirement 2.6 "The clipboard is deactivated on text fields that may contain sensitive data." was removed.

  • Requirement 2.2 "No sensitive data should be stored outside of the app container or system credential storage facilities." was added.

  • Requirement 2.1 was reworded to "System credential storage facilities are used appropriately to store sensitive data, such as PII, user credentials or cryptographic keys.".

V1.0 12 - January 2018

The following changes are part of release 1.0:

  • Delete 8.9 as the same as 8.12

  • Made 4.6 more generic

  • Minor fixes (typos etc.)