App Security Testing

04 Jan 2017
By Anver and Vasyl

This blog post continues our knowledge hub series on mobile app testing. The QA team has prepared some highlights from app security testing.

Android

Lucky Patcher is a great Android tool to remove ads, modify app permissions, back up and restore apps, bypass premium applications' license verification, and more.

LogCat - Dalvik Debug Monitor Server (DDMS)

LogCat is integrated into DDMS and outputs the messages that you print out using the Log class, along with other system messages such as stack traces when exceptions are thrown.

Console - Xcode

Key benefits:

  • View log output in Console
  • View log output in Xcode
  • View log output on a connected device
  • View crash logs on a device

Common (Android/iOS/Windows Phone/Web)

Charles web debugging proxy

During app testing we use the Charles proxy server, which allows us to monitor HTTP requests/responses and HTTP headers (which contain cookies and caching information). It also allows us to emulate our own test requests/responses to and from the server, so that additional rare cases can be emulated.

Key Benefits:

  • SSL Proxying – view SSL requests and responses
  • Monitor HTTP/HTTPS requests/responses (Android/iOS/Windows Phone/PC/Mac)

Summary: 

DDMS, Xcode Console and Charles make it possible to reveal logs, requests and responses which might contain security data (logins and passwords). Using them while testing Android/iOS apps gives insight into the app's security status. Lucky Patcher is a tool for Android apps that allows us to modify app permissions, back up and restore apps, etc.
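The check for security data in logs can be automated. The script below is an added example, not part of the original post: it scans text captured with `adb logcat -v threadtime` for credential-looking values and reports where they appear without echoing them. The key-name list and the sample log lines are constructed assumptions.

```python
import re

# `adb logcat -v threadtime` layout: date time PID TID level tag: message
LINE_RE = re.compile(
    r"^\d\d-\d\d\s+[\d:.]+\s+\d+\s+\d+\s+[VDIWEF]\s+(?P<tag>[^:]*?)\s*:\s(?P<msg>.*)$"
)
# Assumed key names that suggest a credential, followed by '=' or ':' and a value.
SECRET_RE = re.compile(
    r"(?<![A-Za-z])(?P<key>pass(?:word|wd)?|pwd|secret|api[_-]?key|"
    r"(?:access|auth|refresh)[_-]?token|session[_-]?id)"
    r"[\"']?\s*[=:]\s*[\"']?(?P<value>[^\s\"'&,;}]+)",
    re.IGNORECASE,
)
# HTTP Authorization header echoed into the log by a network logger.
AUTH_RE = re.compile(
    r"\bauthorization\s*:\s*(?:bearer|basic)\s+(?P<value>\S+)", re.IGNORECASE
)

# Constructed sample log: tags, package name and values are made up.
SAMPLE_LOG = """\
01-04 10:15:02.120  2231  2231 I ActivityManager: Displayed com.example.app/.LoginActivity: +412ms
01-04 10:15:09.482  2231  2260 D LoginActivity: login request user=qa.tester@example.com password=Tr0ub4dor3
01-04 10:15:09.611  2231  2260 D OkHttp  : Authorization: Bearer eyJhbGciOi.constructed.token
01-04 10:15:09.907  2231  2260 D ApiClient: response {"status":"ok","session_id":"9f8e7d6c"}
01-04 10:15:10.001  2231  2231 W LoginActivity: password field cleared
"""


def scan_logcat(text):
    """Return one finding per credential-looking value; the value itself is never echoed."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = LINE_RE.match(line)
        # Lines that are not in threadtime layout are scanned whole.
        tag, msg = (m["tag"], m["msg"]) if m else ("?", line)
        for hit in list(SECRET_RE.finditer(msg)) + list(AUTH_RE.finditer(msg)):
            key = hit.groupdict().get("key") or "authorization"
            findings.append({"line": lineno, "tag": tag, "key": key.lower(),
                             "value_len": len(hit["value"])})
    return findings


if __name__ == "__main__":
    for f in scan_logcat(SAMPLE_LOG):
        print(f"line {f['line']} [{f['tag']}] {f['key']} = <{f['value_len']} chars redacted>")
```

The last sample line mentions the word "password" without a value and is not reported, so the output stays limited to lines that actually leak something.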
