How to Test Secured iOS Apps on Lambdatest, Mobile DevSecOps Best Practices

Last updated June 5, 2023 by Appdome

General Information about Testing in iOS Apps

Lambdatest allows testing apps by using its App Live and App Automate features, which can both be used for testing Appdome secured mobile apps.

When using Lambdatest to run Real Device App Automation testing on an Appdome protected app, you can choose between either of the following methods:
  • Use Appdome’s Build-to-Test service (recommended)
    Customers with an Appdome SRM license can use Appdome’s Build-to-Test service to quickly and easily test their Appdome-secured mobile apps by using Lambdatest, without the need for different Fusion Sets. With Appdome’s Build-to-Test service, Appdome’s in-app defense model recognizes the unique signature of these testing services and allows for easy testing without issuing a security alert or forcing the app to exit, even if these services use tools such as Magisk or Frida. For details, see How to Use Appdome Mobile App Automation Testing.
  • Use threat events
    When using threat events, Appdome protection features may be triggered triggered due to the nature of Lambdatest’s test environment, thereby slowing down your work
The following table describes which Appdome protection features may be triggered, the reason why and how to avoid it (during the app building stage on Appdome:
Appdome feature Reason How to prevent such identification
Prevent App Screen Sharing
Lambdatest

allows live view of the device screen while the test is running

Enable the Prevent App Screen Sharing toggle and enable Threat Events for this feature with In-App Detection mode – Appdome will detect debuggable app, but will not close the app.
Anti-Debugging
Lambdatest

signs the app as debuggable upon installation

Sign your app on Appdome by using a provisioning profile that includes debuggable entitlement.

– or –

Enable Threat Events for Anti-Debugging with In-App Detection mode – Appdome will detect debuggable app, but will not close the app.

Threat Event Modes

  • In-App Detection – Appdome detects the attack or threat and passes the event in a standard format to the app for processing, namely: the choice how and when to enforce is made based on your app’s settings.
  • In-App Defense – When a security event is detected by Appdome, Appdome will pass the event from the Appdome layer to the app.
    Appdome’s security engine will handle the event, the default behavior is for the app to exit after displaying a compromise notification to the end user (compromise notifications are customizable).

Preventing Protections from being Triggered for Prevent App Screen Sharing

To prevent security protections from being triggered for Prevent App Screen Sharing:

    1. Go to Build > Security.
  1. Go to the Mobile Privacy section.
  2. Enable (toggle On) Prevent App Screen Sharing.
  3. Enable Threat Events for the Prevent App Screen Sharing feature.
  4. Select the In-App-Detection mode.
    Prevent App Screen Sharing On Ios

Preventing Protections from being Triggered for Anti-Debugging

To prevent security protections from being triggered for Anti-Debugging:

  1. Go to ONEShield™ by Appdome in any of the Appdome tabs.
  2. Enable Threat Events for the Anti-Debugging feature.
  3. Select the In-App-Detection mode.
    Antidebuggingthreatevents

Real Device (Live) App testing – iOS

To initiate Real Device (Live) App test of your test app in Lambdatest:
  1. Log in to your Lambdatest account. Alternatively, if you do not yet have an account, Create an account.
  2. On the menu on the right bar, click Real Device > App Testing.
    You will now see a list of previously uploaded iOS and Android apps.
    Previosulydisplayedapps
  3. Select iOS platform on the left side of the screen.
  4. Select your app to test from the apps list.

    If you have not previously uploaded your app, you can do it now by clicking on UPLOAD to upload the app directly from your computer, or URL to obtain the app from somewhere else.
  5. Select a test device of your choice by selecting its brand, device name and OS version from the list on the right.
  6. Click Start to start testing.
    Starttesting Ios
    The app will be automatically installed on the selected device and then launched. The app’s device control buttons are displayed on the left.
  7. Click the app on the screen to use it.
  8. When done, click End Session (red button on the left side of the screen).

Real Device App Automation Testing on iOS

Lambdatest has several Appium capabilities, namely: a series of key-value pairs that allow you to configure your tests on Lambdatest. For further details, see the  Capabilities Builder – Appium webpage.
The network Log Appium capability can trigger Appdome protection features, as specified below.
Lambdatest-Specific Appium Capability Reason How to prevent such identification
networkLog Lambdatest signs the app as debuggable upon installation.

Sign your app on Appdome by using a provisioning profile that includes the debuggable entitlement.

– or –

Enable Threat Events for Detect App Is Debuggable with In-Ap p Detection mode – Appdome will detect debuggable app, but will not close the app.

networkLog Lambdatest uses a MiTM proxy Enable Threat Events for iOS MiTM Prevention with In-App Detection mode – Appdome will detect MiTM proxy, but will not close the app.
To prevent the triggering of Appdome protection features for Detect App is Debuggable:
  1. Go to ONEShield™ by Appdome in any of the Appdome tabs.
  2. Enable Threat Events for the Detect App is Debuggable feature.
  3. Select the In-App-Detection mode.
    Ios Detectappisdebuggable
To prevent the triggering of Appdome protection features for iOS MiTM Prevention:
  1. Go to Build > Security.
  2. Go to the Secure Communication section.
  3. Enable Threat Events for the iOS MiTM Prevention feature.
  4. Select the In-App-Detection mode.
    Iosmitmpreventionthreatevents

Note:

For additional measures to take during app build on Appdome, see section General Information about Testing in iOS Apps above.

Troubleshooting Tips

  • Most automation test tools can typically be used in one of two modes: emulator mode and real device mode (specific terms may vary according to the testing tool). If you use the automation test tool in “emulator mode” instead of “real device mode”, the Appdome-secured application will not run on the device. This is expected because Appdome ONEShield protects apps from running on emulators/simulators.  Instead, you should run the automation test tool in real device
  • If you see a message such as: “Application has violated security policies and it will be shut down”, this means that (1) techniques such as emulators, tampering, or reverse engineering are present, and (2) the Fusion Set does not contain Appdome Threat-Events. This is expected because Appdome ONEShield protects against those conditions. You can either remove the triggering condition or use Appdome Threat Events if applicable.

Related Articles

Thank you!

Thanks for visiting Appdome! Our mission is to secure every app on the planet by making mobile app security easy. We hope we’re living up to the mission with your project.

If you have any questions, please send them our way at support.appdome.com or via the chat window on the Appdome platform.

NEED HELP?

let's solve it together

KarenMaking your security project a success!
By filling out this form, you opt-in to recieve emails from us.