The OWASP MASVS and MASTG are trusted by the following platform providers and standardization, governmental and educational institutions.

Mobile Platform Providers

Google Android

Since 2021 Google has shown their support for the OWASP Mobile Security project (MASTG/MASVS) and has started providing continuous and high value feedback to the MASVS refactoring process via the App Defense Alliance (ADA) and its MASA (Mobile Application Security Assessment) program.

With MASA, Google has acknowledged the importance of leveraging a globally recognized standard for mobile app security to the mobile app ecosystem. Developers can work directly with an Authorized Lab partner to initiate a security assessment. Google will recognize developers who have had their applications independently validated against a set of MASVS Level 1 requirements and will showcase this on their Data safety section.

We thank Google, the ADA and all its members for their support and for their excellent work on protecting the mobile app ecosystem.

Certification Institutions


CREST is an international not-for-profit, membership body who quality assures its members and delivers professional certifications to the cyber security industry. CREST works with governments, regulators, academe, training partners, professional bodies and other stakeholders around the world.

In August 2022, CREST launched the OWASP Verification Standard (OVS) Programme. CREST OVS sets new standards for application security. Underpinned by OWASP's Application Security Verification Standard (ASVS) and Mobile Application Security Verification Standard (MASVS), CREST is leveraging the open-source community to build and maintain global standards to deliver a global web and mobile application security framework. This will provide assurance to the buying community that developers using CREST OVS accredited providers, always know that they are engaged with ethical and capable organisations with skilled and competent security testers by leveraging the OWASP ASVS and MASVS standards.

We thank CREST for their consulation regarding the OVS programme and its support to the open-source community to build and maintain global cyber security standards.

Standardization Institutions

NIST (National Institute of Standards and Technology, United States)

The National Institute of Standards and Technology (NIST) was founded in 1901 and is now part of the U.S. Department of Commerce. NIST is one of the nation's oldest physical science laboratories. Congress established the agency to remove a major challenge to U.S. industrial competitiveness at the time — a second-rate measurement infrastructure that lagged behind the capabilities of the United Kingdom, Germany and other economic rivals.

BSI (Bundesamt für Sicherheit in der Informationstechnik, Germany)

BSI stands for "Federal Office for Information Security", it has the goal to promote IT security in Germany and is the central IT security service provider for the federal government.


The mission of the ioXt Alliance is to build confidence in Internet of Things products through multi-stakeholder, international, harmonized, and standardized security and privacy requirements, product compliance programs, and public transparency of those requirements and programs.

In 2021, ioXt has extended its security principles through the Mobile Application profile, so that app developers can ensure their products are built with, and maintain, high cybersecurity standards such as the OWASP MASVS and the VPN Trust Initiative. The ioXt Mobile Application profile is a security standard that applies to any cloud connected mobile app and provides the much needed market transparency for consumer and commercial mobile app security.

Governmental Institutions


Government of Singapore, Cyber Security Agency (CSA)


European Payments Council


European Payments Council


ENISA (European Union Agency for Cybersecurity)


Government of India, Ministry of Electronics & Information Technology


Finish Transport and Communication Agency (TRAFICOM)


Gobierno de España INCIBE


Educational Institutions


Leibniz Fachhochschule Hannover, Germany


University of Florida, Florida Institute for Cybersecurity Research, United States


University of Adelaide, Australia and Queen Mary University of London, United Kingdom


School of Information Technology, Mapúa University, Philippines


Application in Scientific Research


Industry Case Studies

Would you like to contribute with your case study? Connect with us!

Last updated