Home / Services / Google CASA & MASA Testing

Google CASA & MASA Testing

App security assessment for Google Cloud and Android marketplace

1-2 weeks Starting at $7,500
Request a Quote View all services
Google CASA & MASA Testing ASSESSMENT
2
CRITICAL
6
HIGH
11
MEDIUM
5
LOW
External perimeter testingPASSED
Application security testingPASSED
Remediation verificationIN PROGRESS
Final report deliveryPENDING
Overview

What This Engagement Covers

A comprehensive assessment tailored to your environment.

Google's Cloud Application Security Assessment (CASA) and Mobile Application Security Assessment (MASA) are required for apps that access Google user data or want to display security badges on the Play Store. Our testing satisfies CASA Tier 2/3 and MASA requirements with authorized lab-quality assessments.

Our Process

What We Test & How

What We Test

For CASA, we assess web applications, APIs, and cloud services that integrate with Google APIs and handle Google user data. For MASA, we test Android applications against the OWASP MASVS standard including data storage, cryptography, authentication, network security, platform interaction, and code quality.

Our Approach

Our CASA assessments follow the App Defense Alliance (ADA) methodology, testing against OWASP ASVS Level 1/2 requirements. MASA assessments follow OWASP MASVS and MSTG procedures. We provide detailed findings reports compatible with Google's submission requirements and work directly with the ADA process.

Deliverables

What You'll Receive

Everything included in your engagement report.

CASA/MASA compliant security assessment report

OWASP ASVS or MASVS compliance mapping

Vulnerability findings with evidence

Google submission-ready documentation

API security assessment results

Data handling and privacy evaluation

Remediation guidance for identified issues

Retest validation report for resubmission

Methodology

Our Testing Methodology

A structured approach to identifying and validating vulnerabilities.

1

Application scope and data flow analysis

2

OWASP ASVS/MASVS control testing

3

Authentication and session management testing

4

Data storage and privacy assessment

5

Cryptographic implementation review

6

API and network security testing

7

Platform-specific security testing (Android/Cloud)

8

Google ADA submission documentation

Findings

Common Vulnerabilities We Find

Typical security issues discovered during this type of engagement.

Insecure Local Data Storage Missing Certificate Pinning Hardcoded API Keys or Secrets Insufficient OAuth Scope Validation Improper WebView Configuration Missing Root/Jailbreak Detection Insecure Inter-Process Communication Excessive Permission Requests
Who It's For

Ideal For

Apps Accessing Google User Data
Android Play Store Developers
Google Workspace Marketplace Apps
Google Cloud Marketplace Listings
OAuth-Integrated Applications
Companies Seeking Play Store Security Badge
Compliance

Standards We Support

Google CASA Google MASA OWASP ASVS OWASP MASVS

Ready to Get Started?

$7,500

Typical engagement: 1-2 weeks

Request a Quote
More Services

Explore Other Services

Complementary security engagements for comprehensive coverage.

Web Application Penetration Testing

Comprehensive security assessments of your web applications

Starting at $7,500 Learn more

API Penetration Testing

Secure your REST, GraphQL, and SOAP APIs

Starting at $7,500 Learn more

Active Directory & Domain Penetration Testing

Assess your Windows domain infrastructure security

Starting at $10,000 Learn more
Why Us

Why Lorikeet Security

Certified Experts

OSCP, OSCE, CEH, GPEN certified professionals

Auditor Ready

Reports designed for compliance audits

Free Retesting

Validate fixes at no additional cost

Expert Support

Direct access to testing team during remediation

Lory waving

Hi, I'm Lory! Need help finding the right service? Click to chat!