Testing Secured Android & iOS Apps on Browserstack, Mobile DevSecOps Best Practices
Learn how to test Runtime Application Self Protecting (RASP) Protected and obfuscated Android & iOS Apps using Perfecto’s mobile testing suite. Appdome is 100% compatible with all leading mobile application test automation solutions used by DevSecOps teams. Automated testing of secured Android and iOS app helps developers and others rapidly deploy comprehensive mobile app security and fraud prevention with DevSecOps speed and agility.
Testing Appdome-secured Apps using BrowserStack
This knowledge base article covers the steps needed to test Appdome secured Android & iOS mobile apps using BrowserStack mobile test automation suite.
Appdome works with all leading mobile automation testing solutions to help customers achieve comprehensive mobile app security at DevSecOps speed and agility, all within the app’s existing application lifecycle.
Building App on Appdome to Enable BrowserStack testing
• Build the app with the Disable SELinux Enforcement option disabled (This option is under OS Integrity category)
- Finish building the app with the rest of the features in your use case, apply Context (optional), Sign the app, and download it for BrowserStack. Then add the Appdome-secured app to BrowserStack using the remaining steps below.
Adding Your Appdome-Secured App to BrowserStack for Automated Testing
• Login to your BrowswerStack account, or Create an account if you don’t already have one.
• Click the Let’s Go button in BrowserStack’s account page.
• Next, you will see a list of iOS and Android devices you can test the app with.
• Click App Live on the top of the page.
• Click Upload next to Uploaded Apps to upload your signed app build.
• Once the app upload completes, choose the device that you would like to test the app with.
• This will start by automatically installing the app on the selected device and then will launch it.
• Click through the app on the screen to use it.
o If you have any problems with the app, please re-build the app on Appdome with diagnostic logs enabled under Troubleshooting.
- Go back to BrowserStack and repeat the app upload steps to run the app with the affected chosen device.
- Click the Kill/Uninstall button on the running app.
- Under DEVTOOLS, select All Device Logs and Verbose
- Clear the log under DEVTOOLS.
- On the device, open the app once more getting to the point where the problem occurred (and take note of the time).
- Click the Download button at the top right-hand corner under DEVTOOLS.
- Set a name for the downloaded log including the time the problem occurred.
- Email this to firstname.lastname@example.org complete with details on the problem, device model and OS version used in testing.
If your mobile application closes/exits unexpectedly and/or you see a message such as: “Application has violated security policies and it will be shut down”, this usually means that techniques are present which Appdome protects against, such as emulator mode, tampering, reverse engineering, or root hiding. Below are some of the likely causes:
- The user may be running the testing tool in ’emulator’ mode, which Appdome protects against. To remedy this, run the test in ‘manual’ mode or using real devices.
- BrowserStack uses the Magisk root hiding framework for some Android devices. If you built your application with Appdome’s Magisk prevention features, such as Block Magisk Hide or Block Magisk Manager, the application will not run. This is expected and by design. To work around this, either uses different Android devices where Magisk is not present or build your application without Magisk prevention.
- BrowswerStack’s VPN uses TCP port 80 (http), which does not encrypt traffic. If you built your application with Appdome’s MitM Prevention or other features from Appdome’s Secure Communication category, the TCP session will be blocked. This is expected and by design.