MASVS is a part of the OWASP Mobile application security guide that can be used as a guideline and best practices during mobile application development as well as security testing. With the use of MASVS, We can achieve a total of four verification levels. But MASVS actually provides two security verification levels (MASVS-L1 and MASVS-L2), as well as a set of reverse engineering resiliency requirements (MASVS-R).
- MASVS-L1: Security requirements that are recommended for all mobile applications
- MASVS-L2: Security requirements for applications that contain sensitive data, which requires protection.
- MASVS-R: Security requirements for applications that need Resiliency Against Reverse Engineering and Tampering such as apps that handle highly sensitive data and may serve as a means of protecting intellectual property or tamper-proofing an app.
Therefore, a mobile application can have four verification levels as follows.
- MASVS-L1
- MASVS-L1+R
- MASVS-L2
- MASVS-L2+R
You can read more about OWASP MASVS from the official publications.
Reference