Testing Secured Android & iOS Apps by Using Perfecto, Mobile DevSecOps Best Practices

Learn how to test Runtime Application Self Protecting (RASP) Protected and obfuscated Android & iOS Apps using Perfecto’s mobile testing suite. Appdome is 100% compatible with all leading mobile application test automation solutions. Automated testing of secured Android and iOS app helps developers and others rapidly deploy comprehensive mobile app security and fraud prevention with DevSecOps speed and agility.

DevSecOps Testing with Perfecto | Secured Android, iOS Apps

This knowledge base article covers the steps needed to test Appdome secured Android & iOS mobile apps using Perfecto’s mobile test automation suite.

Secure the App by Using Appdome

1. First, build your Android app with Appdome’s no-code mobile app security and/or fraud prevention protections.
2. For Android apps, make sure that the Detect Developer Options is not enabled on Appdome (Android Developer Options are required in order to use Perfecto’s testing platform).
   
3. In order to use Perfecto, you are advised to enable Appdome Threat Events for Anti-Tampering, as shown below:
   

Testing the Appdome-Secured App Using Perfecto

1. Go to https://perfecto.io and from the top menu select Logins->Mobile Cloud Log-in
2. Enter your login credentials and log-in.
3. Select ACCOUNT SETUP
   
4. On the top, go to the PRIVATE tab.
   
5. Click Upload file and upload your test app.
6. From the top menu select Manual Testing
   
7. Select the device you want to run your test on. Double-click the device to select it.
   
8. After opening the selected device, click the Apps icon and select +INSTALL NEW
   
9. Select the app you previously uploaded, select the check box Launch after installing, then click NEXT and INSTALL APP.
   
10. Run your test manually. You can view the phone’s logs by clicking the Logs icon.
    

Testing Secured iOS Apps using Perfecto 

Follow these steps to test an Appdome-secured iOS app with Perfecto Mobile test automation suite.

1. Build your iOS app with Appdome’s no-code mobile app security and/or fraud prevention protections.
2. In order to use Perfecto, it is recommended that you build your app using Appdome Threat Events for Anti-Tampering, as shown below:
   
3. Go to https://perfecto.io and from the top menu select Logins > Mobile Cloud Login.
4. Enter your login credentials and log-in.
5. Select ACCOUNT SETUP.
   
6. On the top, go to the PRIVATE tab.
   
7. Press Upload file to upload your test app.
8. From the top menu select Manual Testing.
   
9. Select the device you want to run your test on. Double-click to select the device.
   
10. After opening the chosen device, press the Apps icon and select +INSTALL NEW.
    
11. Select the app you previously uploaded, then in the CONFIGURE APP tab, check “Resign application” and uncheck “Launch after installing”, then click INSTALL APP.
    
12. Wait for the installation to complete. Then Launch your test app and run your test manually.

You can view the mobile device logs by pressing the Logs icon.

Troubleshooting Tips

If you see the message such as: “Application has violated security policies and it will be shut down”, this means that (1) techniques such as emulators, tampering, or reverse engineering are present, and (2) the Fusion Set does not contain Appdome Threat-Events. This is likely because the user is running Perfecto in ’emulator testing’ mode, which Appdome protects against.

Perfecto can be used in one of two modes: emulator testing or manual testing.  Using Perfecto in “emulator mode” will trigger Appdome’s ONEShield app hardening protection.  Therefore you should use manual mode (ie: real mobile devices) to test Appdome-secured apps.

Also, you should avoid enabling Perfecto’s “Instrumentation” options, as this will also trigger Appdome’s protections.

Related Articles

How to Use Appdome’s Build-to-Test Service