The Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes the technical processes for verifying the controls listed in the OWASP Mobile Application Security Verification Standard (MASVS).
Description:
The current MSTG test cases for the screenshot on mobile devices state and restrains the screenshots for application when it is in the background. However, for applications that are sensitive to personal or financial data, this test case does not apply.
A warning message for such applications when a screenshot is triggered would also bring users aware of such activities as well as acknowledge to consent that this action is done by the user itself. In which case, it would protect the app developer or the institution that it belongs to that if in such case the screenshot or data of this nature is leaked by malicious or other methods, the developer and the institution are not liable for such data leakage.
Or in other methods, preventing this action within the app itself could also be enforced with financial or apps that are sensitive to personal information.
In sum, this would allow for a more secure operating environment for the users when using the app, as well as prevent malicious codes from running or capturing sensitive data from devices while the user is operating.
Please take under consideration for an additional test case on top of MSTG-STORAGE-9 to further improve on screenshot limitations. Thanks.
Platform: iOS, Android
Description: The current MSTG test cases for the screenshot on mobile devices state and restrains the screenshots for application when it is in the background. However, for applications that are sensitive to personal or financial data, this test case does not apply.
A warning message for such applications when a screenshot is triggered would also bring users aware of such activities as well as acknowledge to consent that this action is done by the user itself. In which case, it would protect the app developer or the institution that it belongs to that if in such case the screenshot or data of this nature is leaked by malicious or other methods, the developer and the institution are not liable for such data leakage.
Or in other methods, preventing this action within the app itself could also be enforced with financial or apps that are sensitive to personal information.
In sum, this would allow for a more secure operating environment for the users when using the app, as well as prevent malicious codes from running or capturing sensitive data from devices while the user is operating.
Please take under consideration for an additional test case on top of MSTG-STORAGE-9 to further improve on screenshot limitations. Thanks.