Permissions
by Mark Neve
1. GOOGLE
1.1. Core app quality
1.1.1. SC-P1
1.1.2. SC-P2
1.1.3. SC-P3
1.1.4. SC-P4
1.1.5. SC-P5
1.1.6. SC-AC3
1.2. App Security Best Practices
1.2.1. Provide the right permissions
1.2.2. Provide the right permissions Use intents to defer permissions
1.2.3. Provide the right permissions Share data securely across apps
2. Open Web Application Security Project (OWASP)
2.1. Mobile Application Security Verification Standard (MASVS)
2.1.1. 6.1 MSTG-PLATFORM-1
2.2. Application Security Verification Standard 4.0.3 (ASVS)
2.2.1. V10.2 Malicious Code Search
3. MITRE
3.1. Application Developer Guidance
3.1.1. T1626 Abuse Elevation Control Mechanism
4. ioXt Alliance
4.1. Mobile Application Profile
4.1.1. 4.6. Security by Default SD113
5. US National Institute of Standards and Technology (NIST)
5.1. NIST Special Publication 800-190
5.1.1. 4.5.5 Host file system tampering
6. National Information Assurance Partnership (NIAP)
6.1. Requirements for Vetting Mobile Apps from the Protection Profile for Application Software
6.1.1. Secure by Default Configuration FMT_CFG_EXT.1.2
6.1.2. User Consent for Transmission of Personally Identifiable Information FPR_ANO_EXT.1.1
6.1.3. Anti-Exploitation Capabilities FPT_AEX_EXT.1.2