How to Test Secured Android & iOS Apps Using Kobiton
Learn how to test Appdome-secured Android & iOS Apps using the Kobiton automation test platform for DevSecOps. Appdome works with all leading mobile automation testing solutions to help customers achieve comprehensive mobile app security at DevSecOps speed and agility, all within the app’s existing application lifecycle.
Use Appdome’s Build2Test service to test iOS and Android-protected applications on Kobitron for Automated testing.
Customers with an Appdome SRM license can use Appdome’s Build2Test service to quickly and easily test their Appdome-secured mobile apps using Kobiton without the need for different Fusion Sets. With Appdome’s Build2Test service, Appdome’s in-app defense model recognizes the unique signature of these testing services and allows for easy testing without issuing a security alert or forcing the app to exit, even if these services use tools such as Magisk or Frida. For more details, see How to Use Appdome Mobile App Automation Testing.
This knowledge-base article covers the steps needed to test iOS and Android mobile apps secured by Appdome using Kobitron’s mobile test automation suite.
Appdome Protection Triggers (Android)
Kobiton allows testing apps using its Live Testing interface and Real Device App Automation testing suits. Both can be used to test Appdome-protected mobile apps.
When using Kobiton to run Live Testing or App Automation testing on an Appdome protected app, some security protections may be triggered due to the nature of Kobiton’s test environment. The following table describes which Appdome protection features may be triggered, the reason why and how to avoid it (during the app building stage on Appdome):
Appdome Feature | Reason | How to prevent such identification |
Detect Developer Options | Required to interact with the device. | Enable Threat Events for Detect Developer Options with In-App Detection mode – Appdome will detect developer options is enabled, but will not close the app. |
Block Android Debug Bridge (ADB) | Required to interact with the device. | Enable Threat Events for Block Android Debug Bridge (ADB) with In-App Detection mode – Appdome will detect ADB is enabled, but will not close the app. |
App is Debuggable | Kobiton signs the app as debuggable during installation. | Enable Threat Events for Anti-Debugging with In-App Detection mode – Appdome will detect debuggable apps, but will not close the app. |
App Integrity | Kobiton resigns the app. | Enable Threat Events for Anti-Tampering with In-App-Detection mode. Appdome will detect app tampering but will not close the app. |
Prevent App Screen Sharing | Kobiton performs screen recording, so if this feature is enabled, all test videos may show a black screen. | Disable Prevent App Screen Sharing. |
1. To enable Threat Events for Detect Developer Options on Appdome,
-
Where: Inside the Appdome Console, go to Build > Security Tab > OS Integrity section
-
How: Toggle (turn ON) Detect Developer Options, as shown below.
- Select the Threat Events option In-App Detection.
2. To enable Threat Events for Block Android Debug Bridge (ADB) on Appdome,
-
Where: Inside the Appdome Console, go to Build > Anti Fraud Tab > Mobile Fraud Detection section
-
How: Toggle (turn ON) Block Android Debug Bridge (ADB) as shown below.
- Select the Threat Events option In-App Detection.
3. To enable Threat Events for Anti-Debugging on Appdome.
-
Where: Inside the Appdome Console, go to Build > Security Tab > ONEShield™ section
-
How: Toggle (turn ON) Anti-Debugging as shown below.
- Select the Threat Events option In-App Detection.
4. To enable Threat Events for Anti-Tampering
-
Where: Inside the Appdome Console, go to Build > Security Tab > ONEShield™ section
-
How: Toggle (turn ON) Anti-Tampering as shown below.
- Select the Threat Events option In-App Detection.
- Note: This will not prevent Appdome’s protection from detecting Anti-Tampering, but it will not close the app.
5. To disable Prevent App Screen Sharing on Appdome.
-
Where: Inside the Appdome Console, go to Build > Security Tab > Mobile Privacy section
-
How: Toggle (turn OFF) Prevent App Screen Sharing as shown below.
How to Disable Google Play Protect
Google Play Protect might also prevent an app from running on some Kobiton test devices. You may encounter a message like the following:
To disable Google Play, Protect on a device:
- Launch Google Play on the device.
- Click the three dots in the upper right corner.
- Select Play Protect
- Click the gear icon on the top right corner.
- Disable Play Protect can scan this device and warn you about harmful apps.
- Confirm “Turn off app scanning?” by clicking Turn off.
Live Testing Android Apps using Kobiton
Here are the basic steps to initiate a live test of your test app in Kobiton:
- Log in to your Kobiton account, or Create an account if you don’t already have one.
- On the menu on the left bar, Click the Devices tab.
You will see a list of test devices.
Note: If you don’t see any devices, go to the PUBLIC DEVICES on the top tab.
- Select the Android platform by clicking the Android icon on the Public Devices
- Select your preferred test device by clicking the Launch button next to it. A new screen imaging the device will be displayed.
- Click the Install Apps button in the upper right corner.
- Select a test app among previously uploaded test apps, upload a new test app, or provide a test app URL.
- Once the app is selected and installed on the device, you will be able to start the test.
- While you are running the test, you can view the logs, open the inspector, or see real-time metrics on the right side of the screen by selecting the appropriate tab on the top right.
- When testing is finished, click the X button on the top right corner to end the session.
- After completing the test, you will be directed to the Session Overview screen with the test session information, video recording of the session, logs, etc.
Real Device App Automation testing – Android
As of the current document’s issuance date, there are no particularly desired capabilities in Kobiton’s real device script-based test automation that would trigger Appdome’s protection features.
Appdome Protection Triggers (iOS)
Kobiton allows testing apps using its Real Device App Testing (Live) and Real Device App Automation testing suits. Both can be used to test Appdome-secured mobile apps.
When using Kobiton to run Real Device App Testing or App Automation testing on an Appdome-protected app, some security protections may be triggered due to the nature of Kobiton’s test environment. The following table describes which Appdome protection features may be triggered, the reason why, and how to avoid it (during the app building stage on Appdome):
Appdome Feature | Reason | How to prevent such identification |
Prevent App Screen Sharing | Kobiton allows a live view of the device screen while the test is running | Enable Threat Events for Prevent App Screen Sharing with In-App Detection mode – Appdome will detect the screen sharing but will not close the app. |
To enable Prevent App Screen Sharing on Appdome.
-
Where: Inside the Appdome Console, go to Build > Security Tab > Mobile Privacy section
-
How: Toggle (turn ON) Prevent App Screen Sharing as shown below.
Live Testing iOS Apps using Kobiton
Here are the basic steps to initiate the Real Device Live App test of your test app in Kobiton:
- Log in to your Kobiton account, or Create an account if you don’t already have one.
- On the menu on the left bar, Click the Devices tab.
You will see a list of test devices.
If you don’t see any devices, go to the PUBLIC DEVICES on the top tab.
- Select the iOS platform by clicking the iOS icon on the Public Devices
- Select your preferred test device by clicking the Launch button next to it. A new screen imaging the device will be displayed.
- Click the Install Apps button in the upper right corner.
- Select a test app among previously uploaded test apps, upload a new test app, or provide a test app URL.
- Once the app is selected and installed on the device, you will be able to start the test.
- While you are running the test, you can view the logs, open the inspector, or see real-time metrics on the right side of the screen by selecting the appropriate tab on the top right.
- When testing is finished, click the X button on the top right corner to end the session.
- After completing the test, you will be directed to the Session Overview screen with the test session information, video recording of the session, logs, etc.
Real Device App Automation testing – iOS
As of the current document’s issuance date, there are no particular desired capabilities in Kobiton’s real device script-based test automation that would trigger Appdome’s protection features.
Troubleshooting Tips
Most automation test tools can typically be used in one of two modes: emulator mode and real device mode (specific terms may vary according to the testing tool). If you use the automation test tool in “emulator mode” instead of “real device mode”, the Appdome-secured application will not run on the device. This is expected because Appdome ONEShield protects apps from running on emulators/simulators. Instead, we recommend running the automation test tool in real-device mode.
If you see a message such as: “Application has violated security policies and it will be shut down”, this means that (1) techniques such as emulators, tampering, or reverse engineering are present, and (2) the Fusion Set does not contain Appdome Threat-Events. This is expected because Appdome ONEShield protects against those conditions. You can either remove the triggering condition or use Appdome Threat Events if applicable.
Related Articles
How to Use Appdome’s Build-to-Test Service
How to Test Appdome-Secured iOS Apps on SauceLabs
How to Test Appdome-secured iOS Apps on BrowserStack
Thank you!
Thanks for visiting Appdome! Our mission is to secure every app on the planet by making mobile app security easy. We hope we’re living up to the mission with your project.
If you have any questions, please send them our way at support.appdome.com or via the chat window on the Appdome platform.