DevSecOps Testing Android, iOS Apps Using Firebase

Learn how to test Appdome-secured Android & iOS Apps Using Firebase automation test platform for DevSecOps. Appdome works with all leading mobile automation testing solutions to help customers achieve comprehensive mobile app security at DevSecOps speed and agility, all within the app’s existing application lifecycle.

Testing Appdome-secured Android Apps using Google Firebase

• Build your app with your chosen Appdome security features. In order to use Firebase, you need to enable Appdome Threat Events for Anti-Tampering, as shown below.  Then build your app.

• If your fusion set contains “Detect Developer Options”, “Block Android Debug Bridge (ADB)” or “Prevent Dynamic Hacking Tools”, set Appdome Threat Events to In-App Detection as shown above.

• After successfully building and signing your app on Appdome, login to your Google Firebase console

• Add a project and give it a name, then click Continue.

• Unselect “Enable Google Analytics for this project”

• Click “Create project” to start a new project.

• On the Release and monitor tab, select Test Lab

• Upload the .apk file of the app you want to test.

• Click “Create a new test”.

• Select Robo test and click “Continue”.

Under App APK or AAB section, select Browse, and upload your test application. Then click “Continue”.

• Click “Customize”

• Select the devices you want to run your test on and click “Confirm“, then click “Start Test“.

• When completed the test results will be available for viewing.

Testing Appdome-secured iOS Apps using Google Firebase 

• Build your app with your chosen Appdome security features. In order to use Firebase, one of the following steps is required:
  • Either Enable a Threat Event for “Detect App is Debuggable”

OR

• • When signing the app, use a provisioning profile that includes “debuggable” entitlement, and sign the app using Appdome’s automated app signing.

• After successfully building and signing your app on Appdome, login to your Google Firebase console

• Add a project and give it a name, then click Continue.

• Unselect “Enable Google Analytics for this project”

• Click “Create project” to start a new project.

• On the Release and monitor tab, select Test Lab

• Click “Get started” (IOS XCTest section)

• In the next displayed window, upload the .zip file containing the XCTest package and select the Xcode version. Then click “Continue”.

• Click “Customize”

• Select the devices you want to run your test on and click “Confirm“, then click “Start Test“.

• When completed the test results will be available for viewing.

Troubleshooting Tips

If you see the message such as: “Application has violated security policies and it will be shut down”, this means that (1) techniques such as emulators, tampering, or reverse engineering are present, and (2) the Fusion Set does not contain Appdome Threat-Events. This is likely because the user is running their automation testing tool in ’emulator testing’ mode, which Appdome protects against.

Automation test tools can typically can be used in two modes: emulator mode and manual mode. If you use your automation test tool in “emulator mode” instead of ‘manual testing’ mode, the Appdome-secured application will not run on the device.

If Prevent App Screen Sharing option is turned on in Appdome, the screenshots or the video Firebase automation takes during the test, the image will be black. In case you want to record the session or view the screenshots, you should turn this feature off in the Appdome console before building for Firebase testing.