A hand holding a phone with Surfshark VPN written on the screen and an independent security review badge in front of it.

We continuously work hard to keep up with the highest security standards. And, before the New Year, we have one more thrilling announcement to make. Surfshark’s Android mobile app passed an independent Mobile App Security Assessment (MASA) security audit! It proves our app is safe to use and handles user data with the globally accepted MASA requirements in mind. From now on, you’ll see a little “Independent Security Review” safety badge on our Google Play Store’s app download page. Let’s unpack what this badge means to you, our current or future customer.

Table of contents

    What is the MASA certification?

    Mobile Application Security Assessment (MASA) is an industry-led initiative to improve application security through third-party assessments. The MASA certification requirements were created by the members of the Open Web Application Security Project (OWASP), a widely established industry standard for mobile application security.

    Google used these requirements to establish the “Independent Security Review” badge. The new badge should boost user trust when downloading apps on the Google Play Store. It will help them identify the apps that meet the mobile security and privacy best practices according to internationally accepted MASA requirements. We’re glad to announce that Surfshark’s app successfully passed the test, and you can see the badge that proves it on our app’s download page!

    What did Surfshark’s MASA audit process look like?

    Independent, Google-approved third-party auditors carried out the assessment using various MASA criteria. The test evaluated how the Surfshark app handles sensitive data, authenticates its users, and manages their sessions; as well as how it uses multiple cryptographic methods (encryption, digital signatures, passwords, etc.). It also checked the code quality, whether the app’s API and standard components are used securely, and more. See the detailed results of Surfshark’s certification here.

    The MASA audit is a continuation of our rigorous efforts to prove Surfshark product safety by gaining globally accepted certifications. You can find more information about previous Surfshark audits and certificates on the Trust Center page, including our no-logs VPN assurance report by Deloitte, one of the Big Four global auditing firms. See Surfshark’s Terms of Service for more details.

    What does it mean to you, our current or future user? 

    Essentially, it signifies that the Surfshark Android app meets the MASA criteria and is safe to use. From now on, our app on the Google Play Store will have the “Independent Security Review” trust badge. You can spot it right on Surfshark’s Android app download page.

    We will continue providing our users with proof of product safety. How? More internal and external efforts, including third-party audits and certifications. Rest assured with Surshark!