Foreword
squirrel (noun plural): Any arboreal sciurine rodent of the genus Sciurus, such as S. vulgaris (red squirrel) or S. carolinensis (grey squirrel), having a bushy tail and feeding on nuts, seeds, etc.
On a beautiful summer day, a group of ~7 young men, a woman, and approximately three squirrels met in a Woburn Forest villa. So far, nothing unusual. But little did you know, within the next five days, they would redefine not only mobile application security, but the very fundamentals of book writing itself (ironically, the event took place near Bletchley Park, once the residence and workplace of the great Alan Turing).
Or maybe that's going too far. But at least they produced a proof-of-concept for an unusual security book. The Mobile Security Testing Guide (MSTG) is an open, agile, crowd-sourced effort, made of the contributions of dozens of authors and reviewers from all over the world.
With the MSTG, we aim to create best practices for mobile security, along with a comprehensive set of security test cases to verify them. The best practices and test cases are packaged into a beginner-friendly, complete and practical guide to mobile app security testing and reverse engineering.
This is an early preview edition of the MSTG that contains sample chapters made out of the Android content in our GitHub repository. We made it so our OWASP Summit working would have a tangible result (and because OWASP asked us to). The final version of the guide, which will cover a wide range of Android, iOS, and OS-independent topics, is scheduled for release in the first quarter of 2018.
Our wholehearted thanks go to everyone who contributed to this project. We'd also like to thank the OWASP Foundation for bringing all of us together, and organizing and sponsoring this fantastic event.