Compliance
OWASP Mobile Application Security Verification Standard (MASVS)
OWASP Mobile Project
MASVS is the industry standard for mobile app security verification. Its RESILIENCE group defines controls for apps that must resist reverse engineering and tampering — exactly the area Appsolid supports.
Note: This page is a mapping for orientation — not a claim of certification or verification. Secure coding and server-side controls remain your responsibility. Appsolid is an Android client-protection tool that supports some of these controls.
What this requires
RESILIENCE covers four areas: resistance to static analysis, anti-tampering & integrity, resistance to dynamic analysis & instrumentation, and platform/environment integrity — each verifiable via MASTG tests.
How Appsolid maps
R-4 · Static-analysis & reverse-engineering resistance
SupportedIn-memory packing + AES-256-GCM encryption + O-MVLL native obfuscation (static extraction 4 of 8,036 classes).
R-2 · Anti-tamper & integrity verification
SupportedPayload cryptographic authentication + self-checksum — decryption fails on tampering.
R-3 · Dynamic-analysis & instrumentation resistance
SupportedAlways-on anti-Frida, inline-hook and debugger detection → self-termination; key entanglement means hooked apps never load the original code.
R-1 · Platform & environment integrity
SupportedRooting, bootloader tampering, emulator and ADB-debugging detection (verified live e2e).
Your responsibility
- Secure coding, secrets management and secure data storage.
- Server-side authentication/authorization, transport security (TLS) and API security.
- Signing-key management and release-pipeline security (Appsolid returns unsigned output by design).
- Formal assessment/certification through a qualified assessor.