How to Test Secured Android Apps on Lambdatest, Mobile DevSecOps Best Practices
This knowledge base article covers the steps needed to test Appdome secured Android mobile apps by using Lambdatest mobile test automation suite.
Which Appdome Security Protections May be Triggered due to Lambdatest’s Test Environment
- Use Appdome’s Build-to-Test service (recommended)
Customers with an Appdome SRM license can use Appdome’s Build-to-Test service to quickly and easily test their Appdome-secured mobile apps by using Lambdatest, without the need for different Fusion Sets. With Appdome’s Build-to-Test service, Appdome’s in-app defense model recognizes the unique signature of these testing services and allows for easy testing without issuing a security alert or forcing the app to exit, even if these services use tools such as Magisk or Frida. For details, see How to Use Appdome Mobile App Automation Testing. - Use threat events
When using threat events, Appdome protection features may be triggered triggered due to the nature of Lambdatest’s test environment, thereby slowing down your work.
Appdome feature | Reason | How to prevent such identification |
Detect Developer Options | Required to interact with the device | Enable Threat Events for Detect Developer Options with In-App Detection mode – Appdome will detect that the setting Developer options is enabled, but will not close the app.
Developer options is an Android setting that allows developers to configure system behaviors for administrative and troubleshooting purposes. |
Block Android Debug Bridge (ADB) | Required to interact with the device | Enable Threat Events for Block Android Debug Bridge (ADB) with In-App Detection mode – Appdome will detect ADB is enabled, but will not close the app. ADB is a very powerful and versatile command-line tool that allows communicating with Android devices or Android apps either remotely or via a USB interface to perform a wide range of actions by running and executing an extensive list of commands installing and debugging apps, and it provides access to the Android shell. While ADB is intended for use by legitimate developers in building, debugging, and troubleshooting Android apps, it can also be used by cybercriminals, fraudsters, and hackers for other purposes. |
Prevent App Screen Sharing | Lambdatest performs screen recording, so if this feature is enabled all test videos may show black screen | Disable Prevent App Screen Sharing. |
Threat Event Modes
- In-App Detection – Appdome detects the attack or threat and passes the event in a standard format to the app for processing (your app chooses how and when to enforce).
- In-App Defense – When a security event is detected by Appdome, Appdome will pass the event from the Appdome layer to the app. Appdome’s security engine will handle the event, the default behavior is for the app to exit after displaying a compromise notification to the end user (compromise notifications are customizable).
Preventing Protections from being Triggered for Detect Developer Options
- Go to Build > Security.
- Go to the OS Integrity section.
- Enable (toggle On) Detect Developer Options.
- Select the check box Threat Events.
- From the list of threat event type, select In-App Detection.
Preventing Protections from being Triggered for Block Android Debug Bridge (ADB)
- Go to Build > Anti Fraud.
- Go to the Mobile Fraud Prevention section.
- Enable (toggle On) Block Android Debug Bridge (ADB).
- Select the check box Threat Events.
- From the list of threat event type, select In-App Detection.
Preventing Protections from being Triggered for Prevent App Screen Sharing
To prevent security protections from being triggered for Prevent App Screen Sharing:
- Go to Build > Security.
- Go to the Mobile Privacy section.
- Ensure that Prevent App Screen Sharing is disabled (toggle off).
Testing .aab Apps
Unlike .apk apps, .aab apps must be re-signed before installation.
To avoid triggering Appdome’s Anti Tampering protection as a result of the re-signing process, you can use either of the following options:
- Convert the test .aab app into Universal.apk, by using the same key that was used for signing the .aab app, and use the Universal.apk file to test with Lambdatest.
- Go to ONEShield™ by Appdome in any of the tabs, enable Threat Events for the Anti-Tampering feature and select the In-App-Detection mode.
Real Device (Live) App testing – Android
- Log in to your Lambdatest account. Alternatively, if you do not yet have an account, Create an account.
- On the menu on the right bar, click Real Device > App Testing.
You will now see a list of previously uploaded iOS and Android apps.
- Select Android platform on the left side of the screen.
-
Select your app to test from the apps list.
If you have not previously uploaded your app, you can do it now by clicking on UPLOAD to upload the app directly from your computer, or URL to obtain the app from somewhere else. -
Select a test device of your choice by selecting its brand, device name and OS version from the list on the right.
- Click Start to start testing.
The app will be automatically installed on the selected device and then launched. The app’s device control buttons are displayed on the left. - Click the app on the screen to use it.
- When done, click End Session (red button on the left side of the screen).
Automating App Testing on Android
Lambdatest-Specific Appium Capability | Reason | How to prevent such identification |
networkLog | By default, Lambdatest re-signs the app to enable capturing network log. | Enable Threat Events for Anti-Tampering with In-App Detectionmode – Appdome will detect app re-signing, but will not close the app. |
networkLog | Lambdatest uses a MiTM proxy | Enable Threat Events for Android MiTM Prevention with In-App Detection mode – Appdome will detect MiTM proxy, but will not close the app. |
- Go to ONEShield™ by Appdome in any of the Appdome tabs.
- Enable Threat Events for the Anti-Tampering feature.
- Select the In-App-Detection mode.
- Go to Build > Security.
- Go to the Secure Communication section.
- Enable Threat Events for the Android MiTM Prevention feature.
- Select the In-App-Detection mode.
Note:
Troubleshooting Tips
- Most automation test tools can typically be used in one of two modes: emulator mode and real device mode (specific terms may vary according to the testing tool). If you use the automation test tool in “emulator mode” instead of “real device mode”, the Appdome-secured application will not run on the device. This is expected because Appdome ONEShield protects apps from running on emulators/simulators. Instead, you should run the automation test tool in real device
- If you see a message such as: “Application has violated security policies and it will be shut down”, this means that (1) techniques such as emulators, tampering, or reverse engineering are present, and (2) the Fusion Set does not contain Appdome Threat-Events. This is expected because Appdome ONEShield protects against those conditions. You can either remove the triggering condition or use Appdome Threat Events if applicable.
Related Articles
- How to Test Secured iOS Apps on Lambdatest
- How to Use Appdome’s Build-to-Test Service
- How to Test Appdome-secured iOS Apps on Browserstack
- How to Test Secured Android Apps on Browserstack
- How to Test Appdome-secured Android Apps on SauceLabs
- How to Test Secured iOS Apps on SauceLabs
Thank you!
Thanks for visiting Appdome! Our mission is to secure every app on the planet by making mobile app security easy. We hope we’re living up to the mission with your project.
If you have any questions, please send them our way at support.appdome.com or via the chat window on the Appdome platform.