Publish Android MAP audit report

[Rawa]

This PR aims to publish the report for MAP audit conducted earlier this year along with a brief summary document.

---

This change is 

[linear]

DROID-2625 Publish audit report

[Rawa]

@Rawa made 1 comment.
Reviewable status: 0 of 4 files reviewed, 1 unresolved discussion.

---

audits/2026-02-17-leviathan-map.md line 67 at r1 (raw file):

The MAP certificate is hosted by App Defence Alliance:
* [2026-02-17 MASA certificate](TBD)

BLOCKING: MAP certificate/compliance report link needs updated before merging. We are awaiting publication of it.

[albin-mullvad]

@albin-mullvad reviewed all commit messages and made 2 comments.
Reviewable status: 0 of 4 files reviewed, 3 unresolved discussions (waiting on Rawa).

---

audits/2026-02-17-leviathan-map.md line 29 at r1 (raw file):

### 1.6.3.1 Compiler security features shall be enabled

The requested feature is yet not available in stable version of Rust, there is an [on-going issue]

Suggestion:

ongoing

---

audits/2026-02-17-leviathan-map.md line 36 at r1 (raw file):

counter. We've manually reviewed it and found no issues.

**Conclusion:** Finding retracted from Leviathan

Suggestion:

by

[albin-mullvad]

@albin-mullvad resolved 2 discussions.
Reviewable status: 0 of 4 files reviewed, 1 unresolved discussion.

[Pururun]

@Pururun reviewed 4 files and all commit messages, and made 1 comment.
Reviewable status: 0 of 4 files reviewed, 1 unresolved discussion (waiting on albin-mullvad).

[kl]

@kl made 1 comment.
Reviewable status: 0 of 4 files reviewed, 2 unresolved discussions (waiting on albin-mullvad, Pururun, and Rawa).

---

audits/2026-02-17-leviathan-map.md line 3 at r3 (raw file):

# 2026-02-17 - Leviathan MAP audit of our Android app

[Leviathan Security Group] conducted a Mobile Application Profile (MAP, successor to MASA) of our

"conducted a Mobile Application Profile" sounds wrong. Should be "conducted a Mobile Application Profile audit"?

[Pururun]

@Pururun made 1 comment.
Reviewable status: 0 of 4 files reviewed, 3 unresolved discussions (waiting on albin-mullvad and Rawa).

---

audits/2026-02-17-leviathan-map.md line 40 at r3 (raw file):

### 1.8.2.1 The app shall be transparent about data collection and usage

When adding Google Play Payments in version 2023.8 we never updated our Google Play listing to

I think this could be either:

"After adding Google Play Payments in version 2023.8 we never updated our Google Play listing to..."

or

"When adding Google Play Payments in version 2023.8 we did not update our Google Play listing to..."

[albin-mullvad]

@albin-mullvad reviewed 4 files, made 2 comments, and resolved 1 discussion.
Reviewable status: 4 of 5 files reviewed, 2 unresolved discussions (waiting on kl and Pururun).

---

audits/2026-02-17-leviathan-map.md line 3 at r3 (raw file):

Previously, kl (Kalle Lindström) wrote…

"conducted a Mobile Application Profile" sounds wrong. Should be "conducted a Mobile Application Profile audit"?

Fixed 👍

---

audits/2026-02-17-leviathan-map.md line 40 at r3 (raw file):

Previously, Pururun (Jonatan Rhodin) wrote…

I think this could be either:

"After adding Google Play Payments in version 2023.8 we never updated our Google Play listing to..."

or

"When adding Google Play Payments in version 2023.8 we did not update our Google Play listing to..."

Done

[kl]

@kl made 1 comment and resolved 1 discussion.
Reviewable status: 3 of 5 files reviewed, 1 unresolved discussion (waiting on albin-mullvad and Pururun).

[Pururun]

@Pururun reviewed 2 files and all commit messages, and made 1 comment.
Reviewable status: 3 of 5 files reviewed, 1 unresolved discussion (waiting on albin-mullvad).