How to Test Secured Android Apps on Browserstack, Mobile DevSecOps Best Practices

Last updated September 28, 2023 by Appdome

Learn how to test Appdome-secured Android Apps by using Browserstack’s mobile testing suite. Appdome is 100% compatible with all leading mobile application test automation solutions used by DevSecOps teams. Automated testing of secured Android and iOS app helps developers and others rapidly deploy comprehensive mobile app security and fraud prevention with DevSecOps speed and agility.

This knowledge base article covers the steps needed to test Appdome-secured Android mobile apps by using BrowserStack mobile test automation suite.

Appdome works with all leading mobile automation testing solutions to help customers achieve comprehensive mobile app security at DevSecOps speed and agility, all within the app’s existing application lifecycle.

Use Appdome’s Build2Test service to test Android protected application on Browserstack for both Live and Automated testing.
Customers with an Appdome SRM license can use Appdome’s Build2Test service to quickly and easily test their Appdome-secured mobile apps by using Browserstack, without the need for different Fusion Sets. With Appdome’s Build2Test service, Appdome’s in-app defense model recognizes the unique signature of these testing services and allows for easy testing without issuing a security alert or forcing the app to exit, even if these services use tools such as Magisk or Frida. For details, see How to Use Appdome Mobile App Automation Testing.

Testing on Android Apps

Browserstack allows testing apps by using its App Live and App Automate features, which can both be used for testing Appdome secured mobile apps.

The following table describes which Appdome protection features may be triggered and the reason why:

 

Appdome Feature Reason
Root Prevention Some of Browserstack devices are rooted
Detect Developer Options Required to interact with the device – therefore, turned on in Browserstack’s devices
Block Android Debug Bridge (ADB) Required to interact with the device
Android MiTM Prevention Browserstack uses a MiTM proxy
Block Magisk Magisk is installed on some of the rooted devices
Prevent Keystroke Injection Vendor uses adb command to enter text. screen

Testing .aab Apps

Unlike .apk apps, .aab apps must be re-signed before installation.

To avoid triggering Appdome’s Anti Tampering protection as a result of the re-signing process, you can use either of the following options:

  • Use Appdome’s Build2Test
  • Convert the test .aab app into Universal.apk, by using the same key that was used for signing the .aab app, and use the Universal.apk file to test with Browserstack.

Live App testing – Android

To initiate App Live test of your test app in Browserstack:
  1. Log in to your BrowswerStack account. Alternatively, if you do not yet have an account, Create an account.
  2. Click the Let’s Go button in BrowserStack’s account page.
    The website now displays a page with a list of iOS and Android devices you can test the app with.
  3. Click App Live on the top of the page.
  4. Click Upload to upload your signed app build.
    Uploaded Apps
  5. After the app upload completes, select the device to be used for testing the app.
    To do that, click the device type (in the example shown below, Google) and then the device model. The app will be automatically installed on the selected device and then launched.
    Device Used For Uploaded App Browserstack
    Note:
    In case of any issues with the app, you need to send the device logs to Appdome Support by following these steps:

    1. Go to Build > Security on on Appdome.
    2. Enable(toggle On) the option Diagnostic Logs.
      For details, see Knowledge Base article Appdome Diagnostic Logs for Troubleshooting Secured Apps.
      Appdome Dev Options
    3. Go back to BrowserStack and re-run the steps used for uploading the app with the selected device.
    4. Click the Kill/Uninstall button on the running app.
      Kill Uninstall
    5. Select the options All Device Logs and Verbose.
      Devtools All Device Logs
    6. Clear the log under DEVTOOLS.
    7. On the device, open the app once more, getting to the point where the issue occurred (and take note of the time).
    8. Click Download at the top right-hand corner under DEVTOOLS.
    9. Set a name for the downloaded log, including the time the issue occurred.
    10. Sent the log by email to support@appdome.com, complete with details on the issue, device model, and OS version used in testing.

Automating App Testing on Android

BrowserStack has several Appium capabilities, namely: a series of key-value pairs that allow you to configure your tests on BrowserStack. For further details, see the Capabilities Builder – Appium webpage.
The network Log Appium capability can trigger Appdome protection features, as specified below.
BrowserStack-Specific Appium Capability Reason
networkLog By default, BrowserStack re-signs the app to enable capturing network log.

Related Articles:

If you have any questions, please send them our way at support.appdome.com or via the chat window on the Appdome platform.

Thank you!

Thanks for visiting Appdome! Our mission is to secure every app on the planet by making mobile app security easy. We hope we’re living up to the mission with your project.

Appdome

NEED HELP?

let's solve it together

AlanMaking your security project a success!
By filling out this form, you opt-in to receive emails from us.