How to Test Appdome-Secured iOS Apps on SauceLabs

Last updated September 16, 2024 by Appdome

Appdome works with all leading mobile automation testing solutions to help customers achieve comprehensive mobile app security at DevSecOps speed and agility, all within the app’s existing application lifecycle.

This knowledge base article covers the steps needed to test Appdome-Secured iOS mobile apps by using SauceLabs mobile test automation suite.

  • Use Appdome’s Build2Test Service (Recommended)
    Customers with an Appdome SRM license can use Appdome’s Build2Test service to quickly and easily test their Appdome-secured mobile apps by using SauceLabs, without the need for different Fusion Sets. With Appdome’s Build2Test service, Appdome’s in-app defense model recognizes the unique signature of these testing services and allows for easy testing without issuing a security alert or forcing the app to exit, even if these services use tools such as Magisk or Frida. For details, see How to Use Appdome Mobile App Automation Testing.

General Information

Saucelabs allows testing apps using its App Live and App Automate features. Both can be used to test Appdome-secured mobile apps. When using SauceLabs to run a Live Mobile App or Automated testing on an Appdome-protected app, you can choose between either of the following methods:

The following table describes which Appdome protection features may be triggered, the reason why, and how to avoid it (during the app building stage on Appdome):

 

Appdome feature Reason Behavior with Build2Test
Prevent App Screen Sharing SauceLabs allows a live view of the device screen while the test is running. The app will recognize the screen recording but will continue running without crashing.

Detect App is Debuggable

SauceLabs signs the app as debuggable upon installation. The app will acknowledge the debuggable state but will continue operating normally during the testing process.
Secure App Signature SauceLabs resigns the app upon installation. The app will detect the signature change but will not crash, allowing the testing to continue without interruption.

Anti Tampering

SauceLabs are injecting new Dylibs during the re-signing process. The app will detect tampering attempts but will not terminate the session, allowing testing to continue.
Anti-Swizzling Protects against method swizzling which could be used to alter app behavior during testing. The app will detect swizzling attempts but will continue running, allowing for uninterrupted testing.

Live App testing – iOS

To initiate Live Mobile App test of your test app in Saucelabs:

1. Build the iOS app with Appdome security.
SauceLabs will re-sign your app by using a provisioning profile that includes a “debuggable” entitlement before installing it.
This may trigger Appdome’s detection for debuggable applications. To prevent such a reaction, take either of the following measures:

  • Sign your app on Appdome by using a provisioning profile that includes the debuggable entitlement;

Note:
For additional measures to take during app build on Appdome, see the section General under iOS Apps above.

2. After successfully building and signing your app on Appdome, log in to your Saucelabs account. Alternatively, if you do not yet have an account, create an account.

3. On the left sidebar, select App Management.
If you see an option to select 
between devices on a Virtual Cloud and Real Devices, select Real Devices.
1
list of your apps will be displayed.
If you have not uploaded any app before, the list will be empty.

If your test app does not appear in the above list, you can upload it by dragging it or clicking “choose file.
Sacucelabs App Management

  • After you upload your test app, hover your mouse or cursor over it to display the Start Test option.
  • Click Start Test to select the test device.
    iOS Start Test Button
  • Select an available test device from the displayed list and click Launch.
    This will start a manual test of the uploaded app on the selected device.
    Manual Test of Uploaded App
  • To see live device logs, click Log on the menu on the right.
    iOS Live Device Logs
  • When done, click STOP on the right menu.

Automating App Testing on iOS

When using Saucelabs with Automate App testing on an Appdome-protected app, certain security protections may be triggered due to advanced options that need to be enabled in the Saucelabs test environment. In addition to the protections that are triggered in live testing, as specified earlier in section General Information about Testing in iOS Apps, the following table describes which Appdome protection features may be triggered when performing automated testing, the reason why and how to avoid it (during the app building stage on Appdome):
SauceLabs Specific Appium Capability Reason
networkCapture SauceLabs signs the app as debuggable upon installation
resigningEnabled SauceLabs signs the app as debuggable upon installation
saucelaLabsImageInjectionEnabled
SauceLabs signs the app as debuggable upon installation
saucelaLabsBypassScreenshotsRestriction
SauceLabs signs the app as debuggable upon installation

Note:

To avoid app resigning by Saucelabs, it is required to disable Instrumentation and Image Injection on Saucelabs cloud.

Troubleshooting Tips

Most automation test tools can typically be used in either of two modes: emulator mode and manual mode (specific terms may vary according to the testing tool). If you use the automation test tool in “emulator mode” instead of “manual mode”, the Appdome-secured application will not run on the device. This is expected because Appdome ONEShield protects apps from running on emulators/simulators. Instead, you should run the automation test tool in manual mode.

Related Articles:

Thank you!

Thanks for visiting Appdome! Our mission is to secure every app on the planet by making mobile app security easy. We hope we’re living up to the mission with your project.

If you have any questions, please send them our way at support.appdome.com or via the chat window on the Appdome platform.

Appdome

Want a Demo?

Test Secured Mobile Apps

AlanWe're here to help
We'll get back to you in 24 hours to schedule your demo.