Open zka-nord opened 1 week ago
Hey @zka-nord, thank you for taking the time to review the Mobile Profile and provide feedback.
For this requirement data stored in the app sandbox does not require additional encryption. In order to avoid versioning issues we link to v1.7 of the MASTG for Test Procedures, which was the latest available on github at the time this standard was being developed. Would swapping the link to the latest MASTG for this and 1.1.1.1 (#33) help make this more clear as it now includes a note:
NOTE: For MASVS L1 compliance, it is sufficient to store data unencrypted in the application's internal storage directory (sandbox).
Very similar to https://github.com/appdefensealliance/ASA-WG/issues/33 - the Verification procedures cover only external storage when testing procedure referenced in L2 covers local storage as well