OWASP / owasp-mastg

The Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes the technical processes for verifying the controls listed in the OWASP Mobile Application Security Verification Standard (MASVS).
https://mas.owasp.org/
Creative Commons Attribution Share Alike 4.0 International

Implement testcase for MSTG-PLATFORM-11 #1488

Open commjoen opened 4 years ago

commjoen commented 4 years ago

MSTG-PLATFORM-11: Verify that the app prevents usage of custom third-party keyboards whenever sensitive data is entered.

daMatz commented 3 years ago

Is MSTG-PLATFORM-11 applicable for Android?

commjoen commented 3 years ago

I guess not: mostly only in iOS as every keyboard shipped with the Android OS could be a third party keyboard...

galapogos commented 7 months ago

> I guess not: mostly only in iOS as every keyboard shipped with the Android OS could be a third party keyboard...

Why is this so though? There is still the default keyboard that is pre-installed with the device and cannot be uninstalled, right? For example, Gboard for Google Pixel and Samsung Keyboard for Samsung devices. Is there no way to programmatically detect if the currently selected keyboard is the default one?