How to Test Secured iOS Apps on BitBar, Mobile DevSecOps Best Practices

Last updated June 5, 2023 by Appdome

BitBar allows testing apps by using its Live Testing and Automation test suits. Both can be used to test Appdome-secured mobile apps.

When using Bitbar to run Live App or App Automate testing on an Appdome-protected app, you can choose between either of the following methods:

Use Appdome’s Build-to-Test service (recommended)
Customers with an Appdome SRM license can use Appdome’s Build-to-Test service to quickly and easily test their Appdome-secured mobile apps by using BitBar, without the need for different Fusion Sets. With Appdome’s Build-to-Test service, Appdome’s in-app defense model recognizes the unique signature of these testing services and allows for easy testing without issuing a security alert or forcing the app to exit, even if these services use tools such as Magisk or Frida. For details, see How to Use Appdome Mobile App Automation Testing.
Use threat events
When using threat events, Appdome protection features may be triggered triggered due to the nature of BitBar’s test environment, thereby slowing down your work

Possibly Triggered Appdome Protection Features

The following table describes which Appdome protection features may be triggered, the reason why, and how to avoid it (during the app building stage on Appdome):

Appdome Feature	Reason	How to Prevent Such Identification
Prevent App Screen Sharing	BitBar allows live view of the device screen while the test is running	Enable Threat Events for Prevent App Screen Sharing with In-App Detection mode – Appdome will detect the screen sharing , but will not close the app.
iOS MiTM Prevention	Bitbar uses a MiTM proxy	Enable Threat Events for iOS MiTM Prevention with In-App Detection mode – Appdome will detect MiTM proxy, but will not close the app.
Anti-Debugging	BitBar signs the app as debuggable upon installation	Sign your app on Appdome by using a provisioning profile that includes “debuggable” entitlement. Or –Enable Threat Events for Anti-Debugging with In-App Detection mode – Appdome will detect debuggable app, but will not close the app.

Threat-event Modes

In-App Detection – Appdome detects the attack or threat and passes the event in a standard format to the app for processing, namely: the choice how and when to enforce is made based on your app’s settings.
In-App Defense – When a security event is detected by Appdome, Appdome will pass the event from the Appdome layer to the app.
Appdome’s security engine will handle the event, the default behavior is for the app to exit after displaying a compromise notification to the end user (compromise notifications are customizable).

Preventing Protections from being Triggered for Prevent App Screen Sharing

To prevent security protections from being triggered for Prevent App Screen Sharing:

Go to Build > Security.
Go to the Mobile Privacy section.
Enable (toggle on) Prevent App Screen Sharing
Select the check box Threat Events.
From the list of threat event type, select In-App Detection.

Preventing Protections from being Triggered for iOS MiTM Prevention

To prevent security protections from being triggered for iOS MiTM Prevention:

Go to Build > Security.
Go to the Secure Communication section.
Enable (toggle On) iOS MiTM Prevention.
Select the check box Threat Events.
From the list of threat event type, select In-App Detection.

Preventing Protections from being Triggered for Anti-Debugging

To prevent security protections from being triggered for Anti-Debugging:

Go to ONEShield™ by Appdome in any of the Appdome tabs.
Enable Threat Events for the Anti-Debugging feature.
Select the In-App-Detection mode.
Select the check box Threat Events.
From the list of threat event type, select In-App Detection.

Live App testing – iOS

To initiate App Live test of your iOS test app in Bitbar:

Log in to your BitBar account. Alternatively, if you do not yet have an account, Create an account.
Under Live Testing click Start Mobile App Live Test.
Select a device or a device group (shown on the right side) from the displayed list.

The list is alphabetically sorted by Manufacturer so Apple devices will probably show first. Alternatively, you can use filters (on the left) to find a device matching your preferences.

After a device is selected, it will be displayed on the screen. Various device-related options are displayed on the right and an additional menu is displayed on the bottom left side.

Bitbarselectedappledevice

Click Files on the left-side menu, and then Upload or choose files +.

A file library with the previously uploaded app files is displayed.
Select the app you would like to test, thus installing and launching the selected app on the test device.
If you have not yet uploaded the test app, upload it now by clicking Upload File button on the top, and then select it.
Note:
The files in the app library are sorted in alphabetical order and include files of all platforms.
Perform your tests manually.
Click STOP when done.
Test session details will be displayed, and the test results will be available for later view under Live Testing > Test Results.

Automation App Testing – Appium iOS Client Side

BitBar does not have specific Appium capabilities that trigger Appdome’s protection. However, it is important to follow the app building recommendations on Appdme, as previously described in sections Testing on iOS Apps and Live App Testing – iOS.

Automation App testing – iOS Server Side

BitBar allows you to test your app by uploading your test code and running it on their cloud, using various automation frameworks such as Appium, Robot, and Selenium.

To test your app on the iOS server side:

After successfully building and signing your app on Appdome, Log in to your BitBar account. Alternatively, if you do not yet have an account, Create an account.
Under Automation click Create Automated Test
Select iOS as target OS type.
Use the Select a Frameworksection section to click Server Side (Appium and other frameworks).
Use the Choose Files section to click on Click to choose or upload file and select your test app and the test code (.zip) from the displayed list.
If the app and the test code file are not in the displayed list, click Upload File and upload your test app and the test code .zip file, then select both for testing.
Use the Choose Devices section to select any of the following options:
1. Use existing device group
  Allows you to provide the name of the previously created device group.
2. Use chosen devices
  Allows you to select the test device from the presented list of available devices.
3. Use currently idle devices
  Allows you to let BitBar select test devices that are currently idle.
  
  Slide the blue circle on the bar below to indicate the number of devices you want to include in the test.
Click Create and run automated test.
When done, click on Go to results.

Troubleshooting Tips

Most automation test tools can typically be used in one of two modes: emulator mode and real device mode (specific terms may vary according to the testing tool). If you use the automation test tool in “emulator mode” instead of “real device mode”, the Appdome-secured application will not run on the device. This is expected because Appdome ONEShield protects apps from running on emulators/simulators. Instead, you should run the automation test tool in real device mode.

If you see a message such as: “Application has violated security policies and it will be shut down”, this means that (1) techniques such as emulators, tampering, or reverse engineering are present, and (2) the Fusion Set does not contain Appdome Threat-Events. This is expected because Appdome ONEShield protects against those conditions. You can either remove the triggering condition or use Appdome Threat Events if applicable.

Thank you!

Thanks for visiting Appdome! Our mission is to secure every app on the planet by making mobile app security easy. We hope we’re living up to the mission with your project.

If you have any questions, please send them our way at support.appdome.com or via the chat window on the Appdome platform.