Is your Mobile Application Security up to Standard?
A Developer’s Guide Through the Assessment & Certification Process
With over 5 billion mobile phone users worldwide, mobile applications have become a central part of our daily lives. End users expect an app to safeguard their data and privacy, and they are not forgiving when mobile app security is not taken seriously, which can have a serious business impact. Consequently, developers and app managers need a profound understanding of mobile security and of the certification process that ensures robust apps and secures users' data. But where to get started? The best way for Android developers is to follow the App Defense Alliance (ADA) and its publications on security guidelines, which are key in the Google Play Store.
In this article, we’ll explain how the Google Play Store establishes the best security practices put into place by the App Defense Alliance (ADA), and how to build and maintain more robust and secure apps.
Mobile Application Security Assessment (MASA): The Pillar of Robust Mobile App Security
To help developers safeguard their applications and protect users from malicious threats, Google, in collaboration with key industry leaders, founded the App Defense Alliance (ADA). The first outcome of this initiative is the Mobile Application Security Assessment (MASA), a rigorous security evaluation conducted by Google Authorized Assessors, such as DEKRA. MASA empowers developers by providing a standardized set of baseline security criteria, helping them build safer and more reliable apps.
To address the multitude of security needs, MASA offers two certification levels: MASA L1 and MASA L2.
- MASA L1 focuses on fundamental security measures and best practices, ensuring that apps meet baseline requirements to prevent common vulnerabilities. This level is ideal for apps handling low-risk or non-sensitive data. Starting in 2025, MASA L1 will become mandatory for apps using VPN services on the Google Play Store, ensuring that these applications adhere to essential security standards.
- MASA L2 takes security a step further by verifying additional protective controls. This certification is recommended for apps requiring heightened protection and guards against sophisticated cyberattacks, making it a robust option for high-risk applications handling sensitive user data, such as medical or financial systems.
DEKRA has been an Authorized Lab for MASA since the early days, and we have already tested hundreds of mobile apps. We are committed to supporting app developers in fortifying their mobile applications against security vulnerabilities, identifying critical weaknesses and assisting in their remediation. By aligning with MASA and leveraging our expertise, developers can ensure their apps meet stringent security standards while building trust with their clients.
MASA L1: The Roadmap to Mobile App Security
For developers looking to achieve MASA L1 certification, we offer a streamlined and efficient process that uses automation. Our automated tool evaluates the public version of your app and checks whether it meets ADA’s security requirements. In addition, we provide you with a questionnaire to self-attest on the MASA requirements and, once all criteria are met, we issue a Validation Report as proof of certification.
Here’s how the process unfolds:
Developers contact DEKRA and, after completing the necessary paperwork, the assessment begins.
Mobile App Security Upgrade: Developer’s Next Steps
MASA certification isn’t just about compliance; it’s about building trust with your users. As the mobile landscape continues to evolve, security becomes a critical differentiator for developers. By aligning with MASA, you demonstrate commitment to protecting users' data, earning their confidence, and fostering long-term engagement. At DEKRA, we recommend becoming an early adopter of the Mobile Application Security Assessment (MASA) program, ensuring that your apps meet the security standards and best practices.
We are here to support you every step of the way, helping you level up your security game and embed the MASA certification process to build a more secure and trusted app.