Testing Secured Android & iOS Apps on Browserstack, Mobile DevSecOps Best Practices

Last updated January 1, 2023 by Appdome

Learn how to test Runtime Application Self Protecting (RASP) Protected and obfuscated Android & iOS Apps using Perfecto’s mobile testing suite. Appdome is 100% compatible with all leading mobile application test automation solutions used by DevSecOps teams.  Automated testing of secured Android and iOS app helps developers and others rapidly deploy comprehensive mobile app security and fraud prevention with DevSecOps speed and agility.

Testing Appdome-secured Apps using BrowserStack

This knowledge base article covers the steps needed to test Appdome secured Android & iOS mobile apps using BrowserStack mobile test automation suite.

Appdome works with all leading mobile automation testing solutions to help customers achieve comprehensive mobile app security at DevSecOps speed and agility, all within the app’s existing application lifecycle.

Building App on Appdome to Enable BrowserStack testing 

  1. • Build the app with the Disable SELinux Enforcement option disabled (This option is under OS Integrity category)
    Alternatively, keep SELinux Enforcement enabled, and use Appdome Threat Events:
  2. Finish building the app with the rest of the features in your use case, apply Context (optional), Sign the app, and download it for BrowserStack. Then add the Appdome-secured app to BrowserStack using the remaining steps below.

Adding Your Appdome-Secured App to BrowserStack for Automated Testing

Browserstack.4 294x366

  1. Log in to your BrowswerStack account, or Create an account if you don’t already have one.
  2. Click the Let’s Go button in BrowserStack’s account page.
    • Next, you will see a list of iOS and Android devices you can test the app with.
  3. Click App Live on the top of the page.
  4. Click Upload next to Uploaded Apps to upload your signed app build.
  5. Once the app upload completes, select the device to be used for testing the app.
    This will start by automatically installing the app on the selected device and then will launch it.Browserstack.automation 633x366
  6. Click through the app on the screen to use it.
    If you have any problems with the app, re-build the app on Appdome with diagnostic logs enabled under Troubleshooting.
    Troubleshooting.appdome 603x366
  7. Go back to BrowserStack and repeat the app upload steps to run the app with the affected chosen device.
  8. Click the Kill/Uninstall button on the running app.
  9. Diagnostics.logs 494x366
  10. Under DEVTOOLS, select All Device Logs and Verbose.
  11. Clear the log under DEVTOOLS.
  12. On the device, open the app once more getting to the point where the problem occurred (and take note of the time).
  13. Click the Download button at the top right-hand corner under DEVTOOLS.
  14. Set a name for the downloaded log including the time the problem occurred.
  15. Email this to support@appdome.com complete with details on the problem, device model and OS version used in testing.

Troubleshooting Tips

If your mobile application closes/exits unexpectedly and/or you see a message such as: “Application has violated security policies and it will be shut down”, this usually means that techniques are present which Appdome protects against, such as emulator mode, tampering, reverse engineering, or root hiding. Below are some of the likely causes:

  • The user may be running the testing tool in ’emulator’ mode, which Appdome protects against. To remedy this, run the test in ‘manual’ mode or using real devices.
  • BrowserStack uses the Magisk root hiding framework for some Android devices. If you built your application with Appdome’s Magisk prevention features, such as Block Magisk Hide or Block Magisk Manager, the application will not run. This is expected and by design. To work around this, either uses different Android devices where Magisk is not present or build your application without Magisk prevention.
  • BrowswerStack’s VPN  uses TCP port 80 (http), which does not encrypt traffic. If you built your application with Appdome’s MitM Prevention or other features from Appdome’s Secure Communication category, the TCP session will be blocked. This is expected and by design.


let's solve it together

HilaMaking your security project a success!
By filling out this form, you opt-in to recieve emails from us.