How to Test Secured iOS Apps on Lambdatest, Mobile DevSecOps Best Practices
General Information about Testing in iOS Apps
Lambdatest allows testing apps by using its App Live and App Automate features, which can both be used for testing Appdome secured mobile apps.
- Use Appdome’s Build-to-Test service (recommended)
Customers with an Appdome SRM license can use Appdome’s Build-to-Test service to quickly and easily test their Appdome-secured mobile apps by using Lambdatest, without the need for different Fusion Sets. With Appdome’s Build-to-Test service, Appdome’s in-app defense model recognizes the unique signature of these testing services and allows for easy testing without issuing a security alert or forcing the app to exit, even if these services use tools such as Magisk or Frida. For details, see How to Use Appdome Mobile App Automation Testing. - Use threat events
When using threat events, Appdome protection features may be triggered triggered due to the nature of Lambdatest’s test environment, thereby slowing down your work
Appdome feature | Reason | How to prevent such identification |
Prevent App Screen Sharing |
Lambdatest
allows live view of the device screen while the test is running |
Enable the Prevent App Screen Sharing toggle and enable Threat Events for this feature with In-App Detection mode – Appdome will detect debuggable app, but will not close the app. |
Anti-Debugging |
Lambdatest
signs the app as debuggable upon installation |
Sign your app on Appdome by using a provisioning profile that includes debuggable entitlement.
– or – Enable Threat Events for Anti-Debugging with In-App Detection mode – Appdome will detect debuggable app, but will not close the app. |
Threat Event Modes
- In-App Detection – Appdome detects the attack or threat and passes the event in a standard format to the app for processing, namely: the choice how and when to enforce is made based on your app’s settings.
- In-App Defense – When a security event is detected by Appdome, Appdome will pass the event from the Appdome layer to the app.
Appdome’s security engine will handle the event, the default behavior is for the app to exit after displaying a compromise notification to the end user (compromise notifications are customizable).
Preventing Protections from being Triggered for Prevent App Screen Sharing
To prevent security protections from being triggered for Prevent App Screen Sharing:
-
- Go to Build > Security.
- Go to the Mobile Privacy section.
- Enable (toggle On) Prevent App Screen Sharing.
- Enable Threat Events for the Prevent App Screen Sharing feature.
- Select the In-App-Detection mode.
Preventing Protections from being Triggered for Anti-Debugging
To prevent security protections from being triggered for Anti-Debugging:
- Go to ONEShield™ by Appdome in any of the Appdome tabs.
- Enable Threat Events for the Anti-Debugging feature.
- Select the In-App-Detection mode.
Real Device (Live) App testing – iOS
- Log in to your Lambdatest account. Alternatively, if you do not yet have an account, Create an account.
- On the menu on the right bar, click Real Device > App Testing.
You will now see a list of previously uploaded iOS and Android apps.
- Select iOS platform on the left side of the screen.
-
Select your app to test from the apps list.
If you have not previously uploaded your app, you can do it now by clicking on UPLOAD to upload the app directly from your computer, or URL to obtain the app from somewhere else. -
Select a test device of your choice by selecting its brand, device name and OS version from the list on the right.
- Click Start to start testing.
The app will be automatically installed on the selected device and then launched. The app’s device control buttons are displayed on the left. - Click the app on the screen to use it.
- When done, click End Session (red button on the left side of the screen).
Real Device App Automation Testing on iOS
Lambdatest-Specific Appium Capability | Reason | How to prevent such identification |
networkLog | Lambdatest signs the app as debuggable upon installation. |
Sign your app on Appdome by using a provisioning profile that includes the debuggable entitlement. – or – Enable Threat Events for Detect App Is Debuggable with In-Ap p Detection mode – Appdome will detect debuggable app, but will not close the app. |
networkLog | Lambdatest uses a MiTM proxy | Enable Threat Events for iOS MiTM Prevention with In-App Detection mode – Appdome will detect MiTM proxy, but will not close the app. |
- Go to ONEShield™ by Appdome in any of the Appdome tabs.
- Enable Threat Events for the Detect App is Debuggable feature.
- Select the In-App-Detection mode.
- Go to Build > Security.
- Go to the Secure Communication section.
- Enable Threat Events for the iOS MiTM Prevention feature.
- Select the In-App-Detection mode.
Note:
For additional measures to take during app build on Appdome, see section General Information about Testing in iOS Apps above.
Troubleshooting Tips
- Most automation test tools can typically be used in one of two modes: emulator mode and real device mode (specific terms may vary according to the testing tool). If you use the automation test tool in “emulator mode” instead of “real device mode”, the Appdome-secured application will not run on the device. This is expected because Appdome ONEShield protects apps from running on emulators/simulators. Instead, you should run the automation test tool in real device
- If you see a message such as: “Application has violated security policies and it will be shut down”, this means that (1) techniques such as emulators, tampering, or reverse engineering are present, and (2) the Fusion Set does not contain Appdome Threat-Events. This is expected because Appdome ONEShield protects against those conditions. You can either remove the triggering condition or use Appdome Threat Events if applicable.
Related Articles
- How to Use Appdome’s Build-to-Test Service
- How to Test Secured Android Apps on Lambdatest
- Test Appdome-secured Android Apps by Using SauceLabs
- Testing Secured iOS Apps by Using SauceLabs
- How to Test Appdome-secured iOS Apps on Browserstack
- How to Test Secured Android Apps on Browserstack
Thank you!
Thanks for visiting Appdome! Our mission is to secure every app on the planet by making mobile app security easy. We hope we’re living up to the mission with your project.
If you have any questions, please send them our way at support.appdome.com or via the chat window on the Appdome platform.