Clarification on MASTG Test Selection and Level Dependencies (L1/L2) #2833
Replies: 1 comment
Hi @carloddt-oss and sorry for the late reply. It looks like you've selected an Android test from the MASVS-STORAGE category. If you scroll up, you'll see MASVS-STORAGE in the menu. The list you're looking at is the complete list of MASTG v1 tests related to MASVS-STORAGE. You can open the checklist view to see the levels: https://mas.owasp.org/checklists/MASVS-STORAGE/

Note that these levels are only for MASVS V1 and are only for the transition period. You can of course use them. We're currently on MASVS V2 and have started working on the new MASTG V2 tests, which are now available here: https://mas.owasp.org/MASTG/tests-beta/

The list is small at the moment, but will grow as the year progresses. Of course, we'll be porting all the V1 tests to this new style, which will improve their content and quality. Also be sure to check out the new demos available for the new tests; they're very insightful. If you have any other questions, I'll be happy to help.
Hello and sorry in advance if this is a dumb question, but I'm struggling to figure out how to interpret some info from the MASTG.
When I select a test from the official link, there's another list of tests that pops up on the left menu (see the following image for clarity).
For example, if I select the MASTG-TEST-0001 test from the official link https://mas.owasp.org/MASTG/tests/android/MASVS-STORAGE/MASTG-TEST-0001/ on the left, I'll see these additional tests:
MASTG-TEST-0003: Testing Logs for Sensitive Data
MASTG-TEST-0004: Determining Whether Sensitive Data Is Shared with Third Parties via Embedded Services
MASTG-TEST-0005: Determining Whether Sensitive Data Is Shared with Third Parties via Notifications
MASTG-TEST-0006: Determining Whether the Keyboard Cache Is Disabled for Text Input Fields
MASTG-TEST-0009: Testing Backups for Sensitive Data
MASTG-TEST-0011: Testing Memory for Sensitive Data
MASTG-TEST-0012: Testing the Device-Access-Security Policy
Are these tests "mandatory", just suggestions, or do they vary based on the L1 and L2 levels?
If they depend on the L1 and L2 levels, how do I know when and which ones to select based on the needs?
Thanks for any answers!