OWASP · cpholguera · Dec 15, 2025
diff --git a/demos/android/MASVS-STORAGE/MASTG-DEMO-0006/MASTG-DEMO-0006.md b/demos/android/MASVS-STORAGE/MASTG-DEMO-0006/MASTG-DEMO-0006.md
@@ -1,14 +1,14 @@
 ---
 platform: android
-title: Tracing Common Logging APIs Looking for Secrets
+title: Tracing Common Logging APIs Looking for Authenticators
 id: MASTG-DEMO-0006
 code: [kotlin]
 test: MASTG-TEST-0203
 ---
 
 ### Sample
 
-The snippet contains many calls to logging APIs which are used to print out secrets such as passwords or IVs.
+The snippet contains many calls to logging APIs which are used to print out authenticators such as API keys.
 
 {{ MastgTest.kt }}
 
@@ -30,6 +30,6 @@ As a reference, this is the corresponding logcat output obtained from Android St
 
 ### Evaluation
 
-Review each of the reported instances by using keywords and known secrets (e.g. passwords or usernames or values you keyed into the app).
+Review each of the reported instances looking for known authenticators (e.g. API keys).
 
-Note: You could refine the test to input a known secret and then search for it in the logs.
+Note: You could refine the test to input a known authenticators and then search for it in the logs.
diff --git a/demos/ios/MASVS-STORAGE/MASTG-DEMO-0066/MASTG-DEMO-0066.md b/demos/ios/MASVS-STORAGE/MASTG-DEMO-0066/MASTG-DEMO-0066.md
@@ -1,6 +1,6 @@
 ---
 platform: ios
-title: Sensitive Data Logging with idevicesyslog
+title: Authenticators Logged with idevicesyslog
 code: [swift]
 id: MASTG-DEMO-0066
 test: MASTG-TEST-0296

diff --git a/tests-beta/android/MASVS-STORAGE/MASTG-TEST-0203.md b/tests-beta/android/MASVS-STORAGE/MASTG-TEST-0203.md
@@ -1,6 +1,6 @@
 ---
 platform: android
-title: Runtime Use of Logging APIs
+title: Runtime Use of Logging APIs Exposing User Sensitive Data
 id: MASTG-TEST-0203
 apis: [Log, Logger, System.out.print, System.err.print, java.lang.Throwable#printStackTrace]
 type: [dynamic]
@@ -12,7 +12,7 @@ knowledge: [MASTG-KNOW-0049]
 
 ## Overview
 
-On Android platforms, [logging APIs](../../../0x05d-Testing-Data-Storage.md/#logs) like `Log`, `Logger`, `System.out.print`, `System.err.print`, and `java.lang.Throwable#printStackTrace` can inadvertently lead to the leakage of sensitive information. Log messages are recorded in logcat, a shared memory buffer, accessible since Android 4.1 (API level 16) only to privileged system applications that declare the `READ_LOGS` permission. Nonetheless, the vast ecosystem of Android devices includes pre-loaded apps with the `READ_LOGS` privilege, increasing the risk of sensitive data exposure. Therefore, direct logging to logcat is generally advised against due to its susceptibility to data leaks.
+On Android platforms, [logging APIs](../../../0x05d-Testing-Data-Storage.md/#logs) like `Log`, `Logger`, `System.out.print`, `System.err.print`, and `java.lang.Throwable#printStackTrace` can inadvertently lead to the leakage of sensitive information. Log messages are recorded in logcat, a shared memory buffer, accessible since Android 4.1 (API level 16) only to privileged system applications that declare the `READ_LOGS` permission. Nonetheless, the vast ecosystem of Android devices includes pre-loaded apps with the `READ_LOGS` privilege, increasing the risk of user sensitive data exposure. Therefore, direct logging to logcat is generally advised against due to its susceptibility to data leaks.
 
 ## Steps
 
@@ -26,4 +26,4 @@ The output should contain a list of locations where logging APIs are used in the
 
 ## Evaluation
 
-The test case fails if you can find sensitive data being logged using those APIs.
+The test case fails if you can find user sensitive data being logged using those APIs.
diff --git a/tests-beta/android/MASVS-STORAGE/MASTG-TEST-0231.md b/tests-beta/android/MASVS-STORAGE/MASTG-TEST-0231.md
@@ -1,6 +1,6 @@
 ---
 platform: android
-title: References to Logging APIs
+title: References to Logging APIs Exposing User Sensitive Data
 id: MASTG-TEST-0231
 apis: [Log, Logger, System.out.print, System.err.print, java.lang.Throwable#printStackTrace, android.util.Log]
 type: [static]
@@ -24,4 +24,4 @@ The output should contain a list of locations where logging APIs are used.
 
 ## Evaluation
 
-The test fails if an app logs sensitive information from any of the listed locations.
+The test fails if an app logs user sensitive information from any of the listed locations.
diff --git a/tests-beta/ios/MASVS-STORAGE/MASTG-TEST-0296.md b/tests-beta/ios/MASVS-STORAGE/MASTG-TEST-0296.md
@@ -1,6 +1,6 @@
 ---
 platform: ios
-title: Sensitive Data Exposure Through Insecure Logging
+title: User Sensitive Data Exposure in Logs
 id: MASTG-TEST-0296
 type: [dynamic]
 weakness: MASWE-0001
@@ -15,7 +15,7 @@ knowledge: [MASTG-KNOW-0101]
 
 This test is the dynamic counterpart to @MASTG-TEST-0297.
 
-In this test, we will monitor and capture the device logs and then analyze them for sensitive data.
+In this test, we will monitor and capture the device logs and then analyze them for user sensitive data.
 
 !!! warning Limitation
     - Linking the logs back to specific locations in the app can be difficult and requires manual analysis of the code. As an alternative you can use dynamic analysis with @MASTG-TOOL-0039.
@@ -35,4 +35,4 @@ The output should contain all logged data.
 
 ## Evaluation
 
-The test case fails if you can find sensitive data inside the output.
+The test case fails if you can find user sensitive data inside the output.