OWASP Developer Guide

Mobile Application Security

8.5 Mobile Application Security

The OWASP Mobile Application Security (MAS) flagship project has the mission statement: “Define the industry standard for mobile application security”.

The MAS project covers the processes, techniques, and tools used for security testing a mobile application, as well as an exhaustive set of test cases that enables testers to deliver consistent and complete results. The OWASP MAS project provides the Mobile Application Security Verification Standard (MASVS) for mobile applications and a comprehensive Mobile Application Security Testing Guide (MASTG).

OWASP MAS Crackmes, also known as UnCrackable Apps, is a collection of reverse engineering challenges for the MAS project.

What is MAS Crackmes?

OWASP MAS Crackmes is a set of reverse engineering challenges for mobile applications. These challenges are used as examples throughout the OWASP Mobile Application Security Testing Guide (MASTG) and, of course, you can also solve them for fun.

There are challenges for Android and also a couple for Apple iOS.

Why use MAS Crackmes?

Working through the challenges will improve understanding of mobile application security, and will also give an insight into the examples provided in the MASTG.

How to try the challenges

  1. Select and download a challenge into your mobile application environment
  2. Satisfy the individual challenge exercise
  3. Have fun

Each challenge has various solutions provided by the community; these can be used to compare with your solution.

The OWASP Developer Guide is a community effort; if there is something that needs changing then submit an issue or edit on GitHub.