Logo Admin Hdr
How to > DevSecOps Automation in CI/CD > Test Secured Mobile Apps > How to Test Secured iOS Apps on SauceLabs, Mobile DevSecOps Best Practices

How to Test Secured iOS Apps on SauceLabs, Mobile DevSecOps Best Practices

Last updated June 5, 2023 by Appdome

Learn how to test Appdome-secured iOS Apps by using SauceLabs automation test platform for DevSecOps. Appdome works with all leading mobile automation testing solutions to help customers achieve comprehensive mobile app security at DevSecOps speed and agility, all within the app’s existing application lifecycle.

This knowledge base article covers the steps needed to test Appdome secured iOS mobile apps by using Saucelabs mobile test automation suite.

General Information

Saucelabs allows testing apps using its App Live and App Automate features. Both can be used for testing Appdome-secured mobile apps. When using Saucelabs to run Live Mobile App or Automated testing on an Appdome protected app, you can choose between either of the following methods:

  • Use Appdome’s Build-to-Test service (recommended)
    Customers with an Appdome SRM license can use Appdome’s Build-to-Test service to quickly and easily test their Appdome-secured mobile apps by using Saucelabs, without the need for different Fusion Sets. With Appdome’s Build-to-Test service, Appdome’s in-app defense model recognizes the unique signature of these testing services and allows for easy testing without issuing a security alert or forcing the app to exit, even if these services use tools such as Magisk or Frida. For details, see How to Use Appdome Mobile App Automation Testing.
  • Use threat events
    When using threat events, Appdome protection features may be triggered triggered due to the nature of Saucelabs’s test environment, thereby slowing down your work.

The following table describes which Appdome protection features may be triggered, the reason why and how to avoid it (during the app building stage on Appdome)

Appdome feature Reason How to prevent such identification
Prevent App Screen Sharing Saucelabs allows live view of the device screen while the test is running Enable the Prevent App Screen Sharing toggle and enable Threat Events for this feature with In-App Detection mode – Appdome will detect debuggable app, but will not close the app.
App Is Debuggable Saucelabs signs the app as debuggable upon installation Sign your app on Appdome by using a provisioning profile that includes debuggable entitlement.

– or –

Enable Threat Events for Anti-Debugging with In-App Detection mode – Appdome will detect debuggable app, but will not close the app.

Threat-event Modes

  • In-App Detection – Appdome detects the attack or threat and passes the event in a standard format to the app for processing, namely: the choice how and when to enforce is made based on your app’s settings.
  • In-App Defense – When a security event is detected by Appdome, Appdome will pass the event from the Appdome layer to the app.
    Appdome’s security engine will handle the event, the default behavior is for the app to exit after displaying a compromise notification to the end user (compromise notifications are customizable).

Preventing Protections from being Triggered for Prevent App Screen Sharing

To prevent security protections from being triggered for Prevent App Screen Sharing:

  1. Go to Build > Security.
  2. Go to the Mobile Privacy section.
  3. Ensure that Prevent App Screen Sharing is enabled (toggled on).
  4. Enable Threat Events for the Prevent App Screen Sharing feature.
  5. Select the In-App-Detection mode.
    Prevent App Screen Sharing On Ios

Preventing Protections from being Triggered for App is Debuggable

To prevent security protections from being triggered for App is Debuggable:

  1. Go to ONEShield™ by Appdome in any of the Appdome tabs.
  2. Enable Threat Events for the Detect App is Debuggable feature.
  3. Select the In-App-Detection mode.
    Ios Detect App is Debuggable

Live App testing – iOS

To initiate Live Mobile App test of your test app in Saucelabs:

  1. Build the iOS app with Appdome security.
    Saucelabs will re-sign your app by using a provisioning profile that includes “debuggable” entitlement before installing it.
    This may trigger Appdome’s detection for debuggable applications. To prevent such a reaction, take either of the following measures:
    – Sign your app on Appdome by using a provisioning profile that includes the debuggable entitlement;
    Or
    – Enable Threat Events for Detect App is Debuggable with In-App Detection mode, as specified above in section Preventing Protections from being Triggered for App is DebuggableAppdome will detect the app as debuggable, but will not close the app.
    Note:
    For additional measures to take during app build on Appdome, see section General under iOS Apps above.
  2. After successfully building and signing your app on Appdome, log in to your Saucelabs account. Alternatively, if you do not yet have an account, create an account.
  3. On the left sidebar select App Management.
    If you see an option to select     between devices on a Virtual Cloud and Real Devices, select Real Devices.
    Ios Saucelabs App Management
    list of your apps will be displayed.
    If you have not uploaded any app before, the list will be empty.

    If your test app does not appear in the above list, you can upload it by
    dragging the app, or by clicking choose file.
    Sacucelabs App Management
  4. After you uploaded your test app, hover your mouse/cursor over the app to display the Start Test option.
  5. Click Start Test to select the test device.
    iOS Start Test Button
  6. Select an available test device from the displayed list and click Launch.
    This will start a manual test of the uploaded app on the selected device.
    Manual Test of Uploaded App
  7. To see live device logs, click Log on the menu on the right.
    iOS Live Device Logs
  8. When Done, click STOP  on the right menu.

Automating App Testing on iOS

When using Saucelabs with Automate App testing on an Appdome protected app, certain security protections may be triggered due to advanced options that need to be enabled in Saucelabs, test environment. In addition to the protections that are triggered in live testing, as specified earlier in section General Information about Testing in iOS Apps, the following table describes which Appdome protection features may be triggered when performing automated testing, the reason why and how to avoid it (during the app building stage on Appdome):
Saucelabs Specific Appium Capability Reason How to prevent such identification
networkCapture Saucelabs signs the app as debuggable upon installation Sign your app on Appdome by using a provisioning profile that includes the debuggable entitlement.
OrEnable Threat Events for Detect App Is Debuggable with In-App Detection mode – Appdome will detect debuggable app, but will not close the app.
resigningEnabled Saucelabs signs the app as debuggable upon installation Sign your app on Appdome by using a provisioning profile that includes the debuggable entitlement.
– or –Enable Threat Events for Detect App Is Debuggable with In-App Detection mode – Appdome will detect debuggable app, but will not close the app.
saucelaLabsImageInjectionEnabled
 Saucelabs signs the app as debuggable upon installation Sign your app on Appdome by using a provisioning profile that includes the debuggable entitlement.
– or –Enable Threat Events for Detect App Is Debuggable with In-App Detection mode – Appdome will detect debuggable app, but will not close the app.
saucelaLabsBypassScreenshotsRestriction
 Saucelabs signs the app as debuggable upon installation Sign your app on Appdome by using a provisioning profile that includes the debuggable entitlement.
– or –
Enable Threat Events for Detect App Is Debuggable with In-App Detection mode – Appdome will detect debuggable app, but will not close the app.

To prevent security protections from being triggered for App is Debuggable:

  1. Go to ONEShield™ by Appdome in any of the Appdome tabs.
  2. Enable Threat Events for the Detect App is Debuggable feature.
  3. Select the In-App-Detection mode.
    iOS Detect App is Debuggable

Note

To avoid app resigning by Saucelabs, it is required to disable Instrumentation and Image Injection on Saucelabs cloud.

Troubleshooting Tips

Most automation test tools can typically be used in either of two modes: emulator mode and manual mode (specific terms may vary according to the testing tool). If you use the automation test tool in “emulator mode” instead of “manual mode”, the Appdome-secured application will not run on the device. This is expected because Appdome ONEShield protects apps from running on emulators/simulators.  Instead, you should run the automation test tool in manual mode.

If you see a message such as: “Application has violated security policies and it will be shut down”, this means that (1) techniques such as emulators, tampering, or reverse engineering are present, and (2) the Fusion Set does not contain Appdome Threat-Events. This is expected because Appdome ONEShield protects against those conditions. You can either remove the triggering condition or use Appdome Threat Events if applicable.

Related Articles

Thank you!

Thanks for visiting Appdome! Our mission is to secure every app on the planet by making mobile app security easy. We hope we’re living up to the mission with your project.

If you have any questions, please send them our way at support.appdome.com or via the chat window on the Appdome platform.

NEED HELP?

let's solve it together

ScottMaking your security project a success!
By filling out this form, you opt-in to recieve emails from us.