The MAST initiative outlines a framework for vetting the security of mobile applications and awarding certificate to those which meet the MAST criteria for a secure application.
The Vetting process starts with the “applicant” i.e. the organization or single owner signing up with CSA-MAST through MAST-AVSI and selecting the auditor from a list of approved auditors. Once the applicant selects an auditor, he gets 15 days to submit the source code of the mobile application and other required documents. If the applicant does not have the source code of the mobile application, he may submit the packaged application. Upon successful verification of documents submitted by the applicant, the auditor shall initiate the vetting process as explained under section 5.1 and 5.2.