OWASP / owasp-mastg

The Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes the technical processes for verifying the controls listed in the OWASP Mobile Application Security Verification Standard (MASVS).
https://mas.owasp.org/
Creative Commons Attribution Share Alike 4.0 International

Warning message and/or preventing screenshot for personal data sensitive applications #1709

Open ninedter opened 4 years ago

ninedter commented 4 years ago

Platform: iOS, Android

Description: The current MSTG test cases for screenshots on mobile devices state and restrain screenshots of an application when it is in the background. However, for applications that handle sensitive personal or financial data, this test case does not apply.

A warning message for such applications when a screenshot is triggered would also make users aware of such activity, as well as have them acknowledge and consent that this action was done by the user themselves. In that case, it would protect the app developer or the institution it belongs to: if the screenshot or data of this nature is leaked by malicious or other means, the developer and the institution are not liable for such data leakage.

Alternatively, preventing this action within the app itself could also be enforced for financial apps or apps that are sensitive to personal information.

In sum, this would allow a more secure operating environment for users when using the app, as well as prevent malicious code from running or capturing sensitive data from devices while the user is operating.

Please consider an additional test case on top of MSTG-STORAGE-9 to further improve on screenshot limitations. Thanks.
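The two controls the request describes (block screenshots outright, or allow them but warn the user) map onto concrete Android APIs. The following Activity is an added example, not code from the MASTG project or from the issue author; the package name, layout resource and `EXTRA_BLOCK_CAPTURE` extra are hypothetical. `FLAG_SECURE` is the long-standing prevention control that also covers the background/recents case of MSTG-STORAGE-9; `Activity.registerScreenCaptureCallback` (Android 14, API 34) is the detection hook used for the warning case.

```kotlin
// Added example, not MASTG or issue-author code. Package, layout and extra name are hypothetical.
package com.example.sensitivescreen

import android.app.Activity
import android.os.Build
import android.os.Bundle
import android.view.WindowManager
import android.widget.Toast

/**
 * Screen that displays personal or financial data.
 *
 * Policy chosen per screen via [EXTRA_BLOCK_CAPTURE]:
 *  - true:  FLAG_SECURE keeps the window out of screenshots, screen recordings,
 *           non-secure displays and the recent-apps thumbnail (the background
 *           case of MSTG-STORAGE-9).
 *  - false: capture is allowed, but on Android 14+ the user is told when a
 *           screenshot of this screen is taken, so the action is visibly their own.
 */
class SensitiveDataActivity : Activity() {

    private var blockCapture = true

    // Android 14 callback; the system invokes it for screenshots taken while this
    // activity is visible. It carries no image data, only the event.
    private var screenshotCallback: Activity.ScreenCaptureCallback? = null

    override fun onCreate(savedInstanceState: Bundle?) {
        super.onCreate(savedInstanceState)
        blockCapture = intent.getBooleanExtra(EXTRA_BLOCK_CAPTURE, true)
        if (blockCapture) {
            // Must be set before the first frame is drawn; setting it later
            // (e.g. in onResume) can leave an unprotected frame on screen.
            window.setFlags(
                WindowManager.LayoutParams.FLAG_SECURE,
                WindowManager.LayoutParams.FLAG_SECURE
            )
        }
        setContentView(R.layout.activity_sensitive_data) // hypothetical layout
    }

    override fun onStart() {
        super.onStart()
        if (!blockCapture && Build.VERSION.SDK_INT >= Build.VERSION_CODES.UPSIDE_DOWN_CAKE) {
            // Needs <uses-permission android:name="android.permission.DETECT_SCREEN_CAPTURE"/>
            // in AndroidManifest.xml; it is a normal (install-time) permission.
            val cb = Activity.ScreenCaptureCallback { showScreenshotWarning() }
            screenshotCallback = cb
            registerScreenCaptureCallback(mainExecutor, cb)
        }
    }

    override fun onStop() {
        screenshotCallback?.let {
            if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.UPSIDE_DOWN_CAKE) {
                unregisterScreenCaptureCallback(it)
            }
        }
        screenshotCallback = null
        super.onStop()
    }

    private fun showScreenshotWarning() {
        // Wording follows the issue's intent: make the user aware that a copy of
        // sensitive data now exists outside the app, taken by their own action.
        Toast.makeText(
            this,
            "You took a screenshot of a screen containing personal data. " +
                "This copy is outside the app's protection; keep it safe.",
            Toast.LENGTH_LONG
        ).show()
    }

    companion object {
        // Hypothetical intent extra for selecting the policy per screen.
        const val EXTRA_BLOCK_CAPTURE = "com.example.sensitivescreen.BLOCK_CAPTURE"
    }
}
```

Two caveats matter when writing a test case around this. `FLAG_SECURE` is enforced by the system compositor and does not prevent capture on a rooted device, nor does it stop an accessibility service from reading the on-screen text, so it limits casual and OS-level capture rather than a compromised device. The Android 14 callback fires for screenshots only, not for screen recording, and is unavailable on older API levels, so the warning control degrades silently there. On iOS the equivalent of the warning case is observing `UIApplication.userDidTakeScreenshotNotification`; iOS has no direct equivalent of `FLAG_SECURE` for blocking screenshots.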

commjoen commented 4 years ago

Is linked to https://github.com/OWASP/owasp-masvs/issues/443, but seems like a great item to work on!