Acess to certificate

[TaniaDosSantos]

Hello there.
The Control 7.1 indicates that an application must be signed and provisioned with a valid certificate, from which the private key is properly secured. My question is, what's the procedure I must follow to get this certificate?

[cpholguera]

Hi @TaniaDosSantos, the OWASP MASVS has a companion document called MSTG (Mobile Security Testing Guide). You can look up the MSTG using the IDs you find in the corresponding MASVS controls. In this case, if you search the MSTG for MSTG-CODE-1 (which corresponds to 7.1) you'll find this section:

https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05i-Testing-Code-Quality-and-Build-Settings.md#making-sure-that-the-app-is-properly-signed-mstg-code-1

If you're testing the app (e.g. as a pentester) you'll surely find your answer in there. As a developer you'll surely find interesting information and several links and references to the topic. For example:

https://developer.android.com/studio/publish/app-signing.html