How to Test Secured Android Apps on Browserstack
Learn how to test Appdome-secured Android Apps using Browserstack’s mobile testing suite. Automated testing of secured Android and iOS apps helps developers and others rapidly deploy comprehensive mobile app security and fraud prevention with DevSecOps speed and agility. Appdome works with all leading mobile automation testing solutions to help customers achieve comprehensive mobile app security at DevSecOps speed and agility, all within the app’s existing application lifecycle.
Use Appdome’s Build2Test service to test Android-protected applications on Browserstack for both Live and Automated testing.
Customers with an Appdome SRM license can use Appdome’s Build2Test service to quickly and easily test their Appdome-secured mobile apps using Browserstack without the need for different Fusion Sets. With Appdome’s Build2Test service, Appdome’s in-app defense model recognizes the unique signature of these testing services and allows for easy testing without issuing a security alert or forcing the app to exit, even if these services use tools such as Magisk or Frida. For details, see How to Use Appdome Mobile App Automation Testing.
Testing on Android Apps
BrowserStack allows testing apps using its App Live and App Automate features, which can both be used to test Appdome-secured mobile apps.
The following table describes which Appdome protection features may be triggered and the reason why:
Appdome Feature | Reason | Behavior with Build2Test |
Block Non-SSL Connections | BrowserStack might simulate network conditions where non-SSL connections are allowed or forced. | Build2Test ensures that the app blocks non-SSL connections while allowing testing to continue. |
Keylogging Prevention | Testing scripts that simulate inputs in a way that resembles keylogging might trigger this feature. | The app will detect potential keylogging behavior but will not crash. |
Detect VPN | Prevents unauthorized network access. | Build2Test ensures that the app detects and blocks VPN connections while allowing testing to continue. |
Deep Proxy Detection | Prevents malicious network traffic. | Build2Test ensures that the app detects and blocks deep proxy connections while allowing testing to continue. |
Detect Unlocked Bootloader | BrowserStack devices might have unlocked bootloaders, which are detected as a security risk. | The app will acknowledge the unlocked bootloader but will continue operating normally during testing. |
Block KernelSU | Prevents unauthorized access to the KernelSU, which can compromise device security. | Build2Test ensures that the app blocks KernelSU attempts while allowing testing to continue. |
Block GameGuardian | Prevents unauthorized game manipulation and cheating. | Build2Test ensures that the app blocks GameGuardian attempts while allowing testing to continue. |
Detect OS Remount | Prevents unauthorized system modifications that can compromise device security. | Build2Test ensures that the app detects and blocks OS remount attempts while allowing testing to continue. |
Prevent Code Injection | BrowserStack devices might detect and block unauthorized code injections to safeguard the app’s integrity. | Build2Test ensures that the app prevents code injection while allowing testing to continue. |
Root Prevention | Some Browserstack devices might be rooted. | Build2Test ensures that the app detects if the device is rooted while allowing testing to continue. |
Detect Developer Options | Required to interact with the device. | The app will detect this but will not crash, allowing testing to continue. |
Block Android Debug Bridge (ADB) | Required to interact with the device. | The app will detect ADB usage but will not crash, ensuring smooth testing. |
Android MiTM Prevention | To prevent MiTM attacks that could intercept and manipulate secure data transmissions between the app and its servers. | The app will detect MiTM attempts but will not crash, allowing for uninterrupted testing. |
Block Magisk | To detect and prevent the use of Magisk, a tool commonly used for rooting devices. | The app will detect Magisk but will not crash, ensuring tests can continue under controlled conditions. |
Prevent Keystroke Injection | Uses the adb command to enter text. screen | The app will detect the use of the adb command but will continue running without crashing, allowing for uninterrupted testing. |
Testing .aab Apps
Unlike .apk apps, .aab apps must be re-signed before installation.
To avoid triggering Appdome’s anti-tampering protection as a result of the re-signing process, you can use either of the following options:
- Use Appdome’s Build2Test
- Convert the test .aab app into Universal.apk by using the same key that was used for signing the .aab app, and use the Universal.apk file to test with Browserstack.
Live App testing – Android
- Log in to your BrowserStack account. Alternatively, if you do not yet have an account, Create an account.
- Click the Let’s Go button in BrowserStack’s account page.
The website now displays a page with a list of iOS and Android devices you can test the app with. - Click App Live on the top of the page.
- Click Upload to upload your signed app build.
- After the app upload completes, select the device to be used for testing the app.
Click the device type (in the example shown below, Google) and then the device model. The app will be automatically installed on the selected device and then launched.
Note:
In case of any issues with the app, you can send the device logs to Appdome Support by following these steps:- Go to Build > Security on on Appdome.
- Enable(toggle On) the option Diagnostic Logs.
For details, see Knowledge Base article Appdome Diagnostic Logs for Troubleshooting Secured Apps.
- Go back to BrowserStack and re-run the steps used for uploading the app with the selected device.
- Click the Kill/Uninstall button on the running app.
- Select the options All Device Logs and Verbose.
- Clear the log under DEVTOOLS.
- On the device, open the app once more, getting to the point where the issue occurred (and take note of the time).
- Click Download at the top right-hand corner under DEVTOOLS.
- Set a name for the downloaded log, including the time the issue occurred.
- Sent the log by email to support@appdome.com, complete with details on the issue, device model, and OS version used in testing.
Automating App Testing on Android
BrowserStack-Specific Appium Capability | Reason |
networkLog | By default, BrowserStack re-signs the app to enable capturing network log. |
Related Articles:
- How to Test Secured Android Apps on Lambdatest
- How to Test Secured iOS Apps on Lambdatest
- How to Use Appdome’s Build2Test Service
- Test Appdome-secured Android Apps by Using SauceLabs
- Testing Secured iOS Apps by Using SauceLabs
- How to Test Secured Android Apps on BitBar
If you have any questions, please send them our way at support.appdome.com or via the chat window on the Appdome platform.
Thank you!
Thanks for visiting Appdome! Our mission is to secure every app on the planet by making mobile app security easy. We hope we’re living up to the mission with your project.