1. Open Web Application Security Project (OWASP)
1.1. Mobile Application Security Verification Standard (MASVS)
1.1.1. 1.1 MSTG-ARCH-1
1.1.2. 1.3 MSTG-ARCH-3
1.1.3. 1.4 MSTG-ARCH-4
1.1.4. 1.5 MSTG-ARCH-5
1.1.5. 1.7 MSTG-ARCH-7
1.1.6. 1.8 MSTG-ARCH-8
1.1.7. 1.10 MSTG-ARCH-10
1.2. Application Security Verification Standard 4.0.3 (ASVS)
1.2.1. V1.1 Secure Software Development Lifecycle
1.2.2. V1.2 Authentication Architecture
1.2.3. V1.7 Errors, Logging and Auditing Architecture
1.2.4. V1.8 Data Protection and Privacy Architecture
1.2.5. V8.3 Sensitive Private Data
2. GOOGLE
2.1. Core App Quality
2.1.1. VX-S1
2.1.2. PS-T5
3. National Information Assurance Partnership (NIAP)
3.1. Requirements for Vetting Mobile Apps from the Protection Profile for Application Software
3.1.1. Use of Supported Services and APIs FPT_API_EXT.1.1
4. UK National Cyber Security Centre (NCSC)
4.1. Application Development Recommendations
4.1.1. Application Wrappers 4.1 Security Considerations (Android)
4.1.2. Application Wrappers 4.2 Security Requirements (Android)
4.1.3. Application Wrappers 4.1 Security Considerations (iOS)
4.1.4. Application Wrappers 4.2 Security Requirements (iOS)
5. Department for Digital, Culture, Media & Sport (DCMS)
5.1. Code of practice for app store operators and app developers
5.1.1. 1. Ensure only apps that meet the code’s security and privacy baseline requirements are allowed on the app store
5.1.2. 2. Ensure apps adhere to baseline security and privacy requirements
5.1.3. 6. Provide security and privacy guidance to Developers