The OWASP MASVS (Mobile Application Security Verification Standard) is the industry standard for mobile app security.
Creative Commons Attribution Share Alike 4.0 International
Requirement 2.2 seems (very) inaccurate based on other requirements #632
Closed
jmanico closed 2 years ago
2.2 No sensitive data should be stored outside of the app container or system credential storage facilities.
This says it's ok to store sensitive data in the app container outside of cred storage or memory.
But 2.13, 2.14, and 2.15 really suggest NOT putting sensitive data anywhere not in memory, not encrypted, or not in the keychain.
So I suggest dropping the "app container" part of 2.2; it's misleading.