Appdome Logo
How to > DevSecOps Automation in CI/CD > Test Secured Mobile Apps > How to Test Secured Android & iOS Apps Using Kobiton

How to Test Secured Android & iOS Apps Using Kobiton

Last updated December 20, 2023 by Appdome

Learn how to test Appdome-secured Android & iOS Apps using the Kobiton automation test platform for DevSecOps. Appdome works with all leading mobile automation testing solutions to help customers achieve comprehensive mobile app security at DevSecOps speed and agility, all within the app’s existing application lifecycle.
Use Appdome’s Build2Test service to test iOS and Android-protected applications on Kobitron for Automated testing.
Customers with an Appdome SRM license can use Appdome’s Build2Test service to quickly and easily test their Appdome-secured mobile apps using Kobiton without the need for different Fusion Sets. With Appdome’s Build2Test service, Appdome’s in-app defense model recognizes the unique signature of these testing services and allows for easy testing without issuing a security alert or forcing the app to exit, even if these services use tools such as Magisk or Frida. For more details, see How to Use Appdome Mobile App Automation Testing.

This knowledge-base article covers the steps needed to test iOS and Android mobile apps secured by Appdome using Kobitron’s mobile test automation suite.

Appdome Protection Triggers  (Android)

Kobiton allows testing apps using its Live Testing interface and Real Device App Automation testing suits. Both can be used to test Appdome-protected mobile apps.

When using Kobiton to run Live Testing or App Automation testing on an Appdome protected app, some security protections may be triggered due to the nature of Kobiton’s test environment. The following table describes which Appdome protection features may be triggered, the reason why and how to avoid it (during the app building stage on Appdome):

Appdome Feature Reason How to prevent such identification
Detect Developer Options Required to interact with the device. Enable Threat Events for Detect Developer Options with In-App Detection mode – Appdome will detect developer options is enabled, but will not close the app.
Block Android Debug Bridge (ADB) Required to interact with the device. Enable Threat Events for Block Android Debug Bridge (ADB) with In-App Detection mode – Appdome will detect ADB is enabled, but will not close the app.
App is Debuggable Kobiton signs the app as debuggable during installation. Enable Threat Events for Anti-Debugging with In-App Detection mode – Appdome will detect debuggable apps, but will not close the app.
App Integrity Kobiton resigns the app. Enable Threat Events for Anti-Tampering with In-App-Detection mode. Appdome will detect app tampering but will not close the app.
Prevent App Screen Sharing Kobiton performs screen recording, so if this feature is enabled, all test videos may show a black screen. Disable Prevent App Screen Sharing.

1. To enable Threat Events for Detect Developer Options on Appdome,

  • Where: Inside the Appdome Console, go to Build > Security Tab > OS Integrity section
  • How: Toggle (turn ON) Detect Developer Options, as shown below.
  • Select the Threat Events option In-App Detection.

896

2. To enable Threat Events for Block Android Debug Bridge (ADB) on Appdome,

  • Where: Inside the Appdome Console, go to Build > Anti Fraud Tab > Mobile Fraud Detection section
  • How: Toggle (turn ON) Block Android Debug Bridge (ADB) as shown below.
  • Select the Threat Events option In-App Detection.

45564

3. To enable Threat Events for Anti-Debugging on Appdome.

  • Where: Inside the Appdome Console, go to Build > Security Tab > ONEShield™ section
  • How: Toggle (turn ON) Anti-Debugging as shown below.
  • Select the Threat Events option In-App Detection.

Debugging

4. To enable Threat Events for Anti-Tampering

  • Where: Inside the Appdome Console, go to Build > Security Tab > ONEShield™  section
  • How: Toggle (turn ON) Anti-Tampering as shown below.
  • Select the Threat Events option In-App Detection.
  • Note: This will not prevent Appdome’s protection from detecting Anti-Tampering, but it will not close the app.

8952

5. To disable Prevent App Screen Sharing on Appdome.

  • Where: Inside the Appdome Console, go to Build > Security Tab > Mobile Privacy section
  • How: Toggle (turn OFF) Prevent App Screen Sharing as shown below.
Mobile Privacy

How to Disable Google Play Protect

Google Play Protect might also prevent an app from running on some Kobiton test devices. You may encounter a message like the following:

Disable Google Play Protect 2

To disable Google Play, Protect on a device:

  1. Launch Google Play on the device.
  2. Click the three dots in the upper right corner.

Google Play

  1.  Select Play Protect

Playstore Play Protect

  1. Click the gear icon on the top right corner.
  2. Disable Play Protect can scan this device and warn you about harmful apps.
  3. Confirm “Turn off app scanning?” by clicking Turn off.

App Scanning  Play Protect Settings

Live Testing Android Apps using Kobiton

Here are the basic steps to initiate a live test of your test app in Kobiton:

  1. Log in to your Kobiton account, or Create an account if you don’t already have one.
  2. On the menu on the left bar, Click the Devices tab.
    You will see a list of test devices.
    Note: If you don’t see any devices, go to the PUBLIC DEVICES on the top tab.

88

  1. Select the Android platform by clicking the Android icon on the Public Devices
  2. Select your preferred test device by clicking the Launch button next to it. A new screen imaging the device will be displayed.

Manual Sessionandroid

  1. Click the Install Apps button in the upper right corner.
  2. Select a test app among previously uploaded test apps, upload a new test app, or provide a test app URL.
  3. Once the app is selected and installed on the device, you will be able to start the test.
  4. While you are running the test, you can view the logs, open the inspector, or see real-time metrics on the right side of the screen by selecting the appropriate tab on the top right.
  5. When testing is finished, click the X button on the top right corner to end the session.
  6. After completing the test, you will be directed to the Session Overview screen with the test session information, video recording of the session, logs, etc.

Real Device App Automation testing – Android

As of the current document’s issuance date, there are no particularly desired capabilities in Kobiton’s real device script-based test automation that would trigger Appdome’s protection features.

Appdome Protection Triggers  (iOS)

Kobiton allows testing apps using its Real Device App Testing (Live) and Real Device App Automation testing suits. Both can be used to test Appdome-secured mobile apps.

When using Kobiton to run Real Device App Testing or App Automation testing on an Appdome-protected app, some security protections may be triggered due to the nature of Kobiton’s test environment. The following table describes which Appdome protection features may be triggered, the reason why, and how to avoid it (during the app building stage on Appdome):

Appdome Feature Reason How to prevent such identification
Prevent App Screen Sharing Kobiton allows a live view of the device screen while the test is running Enable Threat Events for Prevent App Screen Sharing with In-App Detection mode – Appdome will detect the screen sharing but will not close the app.

To enable Prevent App Screen Sharing on Appdome.

  • Where: Inside the Appdome Console, go to Build > Security Tab > Mobile Privacy section
  • How: Toggle (turn ON) Prevent App Screen Sharing as shown below.
Ffff9]

Live Testing iOS Apps using Kobiton

Here are the basic steps to initiate the Real Device Live App test of your test app in Kobiton:

  1. Log in to your Kobiton account, or Create an account if you don’t already have one.
  2. On the menu on the left bar, Click the Devices tab.
    You will see a list of test devices.
    If you don’t see any devices, go to the PUBLIC DEVICES on the top tab.

Device List Ios

  1. Select the iOS platform by clicking the iOS icon on the Public Devices
  2. Select your preferred test device by clicking the Launch button next to it. A new screen imaging the device will be displayed.

Device Log Ios

  1. Click the Install Apps button in the upper right corner.
  2. Select a test app among previously uploaded test apps, upload a new test app, or provide a test app URL.
  3. Once the app is selected and installed on the device, you will be able to start the test.
  4. While you are running the test, you can view the logs, open the inspector, or see real-time metrics on the right side of the screen by selecting the appropriate tab on the top right.
  5. When testing is finished, click the X button on the top right corner to end the session.
  6. After completing the test, you will be directed to the Session Overview screen with the test session information, video recording of the session, logs, etc.

Real Device App Automation testing – iOS

As of the current document’s issuance date, there are no particular desired capabilities in Kobiton’s real device script-based test automation that would trigger Appdome’s protection features.

Troubleshooting Tips

Most automation test tools can typically be used in one of two modes: emulator mode and real device mode (specific terms may vary according to the testing tool). If you use the automation test tool in “emulator mode” instead of “real device mode”, the Appdome-secured application will not run on the device. This is expected because Appdome ONEShield protects apps from running on emulators/simulators. Instead, we recommend running the automation test tool in real-device mode.

If you see a message such as: “Application has violated security policies and it will be shut down”, this means that (1) techniques such as emulators, tampering, or reverse engineering are present, and (2) the Fusion Set does not contain Appdome Threat-Events. This is expected because Appdome ONEShield protects against those conditions. You can either remove the triggering condition or use Appdome Threat Events if applicable.

Related Articles

How to Use Appdome’s Build-to-Test Service

How to Test Appdome-Secured iOS Apps on SauceLabs

How to Test Appdome-secured iOS Apps on BrowserStack

Thank you!

Thanks for visiting Appdome! Our mission is to secure every app on the planet by making mobile app security easy. We hope we’re living up to the mission with your project.

If you have any questions, please send them our way at support.appdome.com or via the chat window on the Appdome platform.

Appdome

Want a Demo?

Test Secured Mobile Apps

GilWe're here to help
We'll get back to you in 24 hours to schedule your demo.