Testing Secured Android & iOS Apps Using Firebase, Mobile DevSecOps Best Practices

Last updated January 1, 2023 by Appdome

Learn how to test Appdome-secured Android & iOS apps using the Firebase automation test platform for DevSecOps. Appdome works with all leading mobile automation testing solutions to help customers achieve comprehensive mobile app security at DevSecOps speed and agility, all within the app’s existing application lifecycle.

Testing Appdome-secured Android Apps using Google Firebase

  1. Build your app with your chosen Appdome security features. To use Firebase, you need to enable Appdome Threat Events for Anti-Tampering. Then build your app.
  2. If your fusion set contains “Detect Developer Options”, “Block Android Debug Bridge (ADB)” or “Prevent Dynamic Hacking Tools”, set Appdome Threat Events to In-App Detection.
  3. After successfully building and signing your app on Appdome, log in to your Google Firebase console.
  4. Add a project and give it a name, then click Continue.
  5. Toggle off (disable) the option Enable Google Analytics for this project.
  6. Click Create project to start a new project.
  7. On the Release and monitor tab, select Test Lab.
  8. Upload the .apk file of the app you want to test.
  9. Click Create a new test.
  10. Select Robo test and click Continue.
  11. Under App APK or AAB section, select Browse, and upload your test application. Then click Continue.
  12. Click Customize.
  13. Select the devices you want to run your test on and click Confirm, then click Start Test.
  14. When the test completes, the results are available for viewing.

Testing Appdome-secured iOS Apps using Google Firebase 

  1. Build your app with your chosen Appdome security features. To use Firebase, one of the following steps is required:
    • Enable a Threat Event for “Detect App is Debuggable”

OR

    • When signing the app, use a provisioning profile that includes the “debuggable” entitlement, and sign the app using Appdome’s automated app signing.
  2. After successfully building and signing your app on Appdome, log in to your Google Firebase console.
  3. Add a project and give it a name, then click Continue.
  4. Toggle off (disable) the option Enable Google Analytics for this project.
  5. Click Create project to start a new project.
  6. On the Release and monitor tab, select Test Lab.
  7. Click Get started (iOS XCTest section).
  8. In the next displayed window, upload the .zip file containing the XCTest package and select the Xcode version. Then click Continue.
  9. Click Customize.
  10. Select the devices you want to run your test on and click Confirm, then click Start Test.
  11. When the test completes, the results are available for viewing.

Troubleshooting Tips

If you see a message such as “Application has violated security policies and it will be shut down”, this means that (1) techniques such as emulators, tampering, or reverse engineering are present, and (2) the Fusion Set does not contain Appdome Threat-Events. This is likely because the user is running their automation testing tool in ‘emulator testing’ mode, which Appdome protects against.

Automation test tools can typically be used in two modes: emulator mode and manual mode. If you use your automation test tool in ‘emulator mode’ instead of ‘manual testing’ mode, the Appdome-secured application will not run on the device.
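The emulator restriction above can be checked before a test run is submitted. The following is an added example, not Appdome's or Firebase's own code: it assumes the gcloud CLI is used in place of the console, works on a constructed device catalogue with placeholder model IDs, and treats Test Lab's VIRTUAL and EMULATOR device forms as the emulator mode described here.

```python
import json
import shlex

# Constructed sample shaped like `gcloud firebase test android models list --format=json`,
# trimmed to the fields used below. Model IDs are placeholders, not real catalogue entries.
SAMPLE_MODELS_JSON = """
[
  {"id": "example-phone-a",    "form": "PHYSICAL", "supportedVersionIds": ["31", "33"]},
  {"id": "example-virtual-b",  "form": "VIRTUAL",  "supportedVersionIds": ["30", "33"]},
  {"id": "example-emulator-c", "form": "EMULATOR", "supportedVersionIds": ["33"]},
  {"id": "example-phone-d",    "form": "PHYSICAL", "supportedVersionIds": []}
]
"""

def physical_devices(models_json):
    """Return (model_id, newest_api_level) for each PHYSICAL model that lists an OS version."""
    picked = []
    for model in json.loads(models_json):
        if model.get("form") != "PHYSICAL":
            continue  # assumption: non-physical forms are the "emulator mode" the app rejects
        versions = [v for v in model.get("supportedVersionIds", []) if v.isdigit()]
        if versions:
            picked.append((model["id"], max(versions, key=int)))
    return picked

def robo_command(apk_path, devices, timeout="5m"):
    """Build the argv for a Robo test of the secured APK on the chosen devices."""
    if not devices:
        raise ValueError("no physical device selected; a secured build would shut down")
    argv = ["gcloud", "firebase", "test", "android", "run",
            "--type", "robo", "--app", apk_path, "--timeout", timeout]
    for model_id, version in devices:
        argv += ["--device", f"model={model_id},version={version}"]
    return argv

if __name__ == "__main__":
    # "app-secured.apk" is a hypothetical file name for the Appdome-built, signed APK.
    print(shlex.join(robo_command("app-secured.apk", physical_devices(SAMPLE_MODELS_JSON))))
```

In a pipeline, the catalogue would come from the live `models list` output instead of the embedded sample, and the returned argv would be passed to the job runner.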

If the Prevent App Screen Sharing option is turned on in Appdome, the screenshots and video that Firebase automation takes during the test will be black. If you want to record the session or view the screenshots, turn this feature off in the Appdome console before building for Firebase testing.

 
