1.1 Security Testing
1.1.1 Software Permissions
1) Billing risk: including sending SMS, dialing phone calls, connecting to the network, etc.
2) Privacy disclosure risk: including access to mobile phone information, access to contact information, etc.
3) Test the app's input validation, authentication, authorization, sensitive data storage and data encryption
4) Restrict/allow use of the phone's features to access the Internet
5) Restrict/allow use of the phone's function for sending and receiving messages
6) Restrict/allow the application to register itself to start automatically
7) Restrict or use local connections
8) Restrict/allow use of the phone to take pictures or make recordings
9) Restrict/allow use of the phone to read user data
10) Restrict/allow use of the phone to write user data
11) Check user authorization levels, data leakage, unauthorized access to the app, etc.
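One way to turn the permission checklist above into a repeatable check on Android is to compare the permissions an app requests with the set approved in its requirements. This is an added example, not part of the original checklist; it assumes the manifest has already been decoded to text XML, and the category-to-permission mapping, the sample manifest and the approved set are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."

# Assumed mapping from the checklist items to standard Android permissions.
CATEGORIES = {
    "billing risk (SMS, calls, network)": {P + "SEND_SMS", P + "CALL_PHONE", P + "INTERNET"},
    "privacy disclosure (phone info, contacts)": {P + "READ_PHONE_STATE", P + "READ_CONTACTS"},
    "automatic startup": {P + "RECEIVE_BOOT_COMPLETED"},
    "local connection": {P + "BLUETOOTH", P + "NFC"},
    "pictures or recordings": {P + "CAMERA", P + "RECORD_AUDIO"},
    "read user data": {P + "READ_SMS", P + "READ_CALENDAR", P + "READ_EXTERNAL_STORAGE"},
    "write user data": {P + "WRITE_CONTACTS", P + "WRITE_CALENDAR", P + "WRITE_EXTERNAL_STORAGE"},
}

def requested_permissions(manifest_xml):
    """Collect every permission name declared in a decoded AndroidManifest.xml."""
    root = ET.fromstring(manifest_xml)
    names = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for node in root.iter(tag):
            name = node.get(ANDROID_NS + "name")
            if name:
                names.add(name)
    return names

def audit(manifest_xml, approved):
    """Return (requested permissions grouped by checklist category,
    permissions requested but not in the approved set)."""
    requested = requested_permissions(manifest_xml)
    by_category = {}
    for category, perms in CATEGORIES.items():
        hits = sorted(requested & perms)
        if hits:
            by_category[category] = hits
    unapproved = sorted(requested - set(approved))
    return by_category, unapproved

# Constructed sample manifest for a hypothetical note-taking app.
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.notes">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <uses-permission android:name="android.permission.VIBRATE"/>
</manifest>"""

# Constructed: the permissions the requirements document allows for this app.
APPROVED = {P + "INTERNET", P + "VIBRATE"}

if __name__ == "__main__":
    grouped, unapproved = audit(SAMPLE_MANIFEST, APPROVED)
    for category, perms in grouped.items():
        print(category, "->", ", ".join(perms))
    print("not approved:", ", ".join(unapproved))
```

Any permission in the "not approved" list is a finding to raise against the requirements, whichever checklist category it falls under.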
1.1.2 Installation and Uninstall security
1) The application should be installed correctly on the device drive
2) The application's icon can be found on the device drive where it is installed
3) Whether it contains digital signature information
4) All managed properties and their values contained in the JAD file and JAR package must be correct
5) The data shown by the JAD file and the information displayed by the application should be consistent
6) It should be possible to specify the installation path
7) Without the user's permission, the application cannot preset itself to start automatically
8) Whether uninstallation is safe and all of its installed files are removed
9) Whether the user is prompted about uninstalling files produced during use
10) Whether modified configuration information is restored
11) Whether the uninstall affects the functionality of other software
12) Uninstall should remove all files
1.1.3 Data Security
1) When a password or other sensitive data is entered into the application, it is not stored on the device, and the password is not decoded
2) The entered password is not displayed in clear text.
3) Passwords, credit card details, or other sensitive data are not stored in the location where they were entered
4) The personal ID or password length of a different application must be at least between 418 digit lengths
5) When the application processes credit card details or other sensitive data, the data is not written to other separate files or temporary files in clear text.
6) Prevent the case where the application terminates abnormally without deleting its temporary files, which an attacker could then access to read the data.
7) When sensitive data is entered into the application, it is not stored on the device.
8) Backups should be encrypted; data recovery should account for exceptions such as a communication interruption during the recovery process; recovered data should be verified before use
9) The application should take into account user prompts or security warnings generated by the system or virtual machine
10) The application must not ignore user prompts or security warnings generated by the system or virtual machine, must not display misleading information before a security warning is shown in order to deceive users, and should not simulate security warnings to mislead users
11) Before data is deleted, the application should notify the user or provide a "Cancel" command
12) The "Cancel" command works as the design requirements for that function specify
13) The application should be able to handle the situation where it is not allowed to connect to the personal information management application
14) When an operation to read or write user information is performed, the application sends the user a message about an erroneous operation
15) Without the user's express permission, the application does not damage or delete any content of the personal information management application
16) The application reads and writes data correctly.
17) The application should have exception protection.
18) If important data in the database is about to be overwritten, the user should be informed in time
19) Errors that occur are handled reasonably
20) The user should be prompted in unexpected circumstances
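Items 1, 5, 6 and 7 above can be checked with a canary scan: enter known marker values into the app, copy its data directory off the test device (for item 6, after killing the app mid-operation), and search every file for those markers. The sketch below is an added example, not part of the original checklist; the canary values, file names and directory layout are constructed, and only secrets written as-is or under a simple encoding are detected.

```python
import base64
import os
import tempfile

def encoded_forms(secret):
    """Byte patterns under which a secret commonly ends up on disk unencrypted."""
    raw = secret.encode("utf-8")
    return {
        "plaintext": raw,
        "utf-16le": secret.encode("utf-16-le"),
        "base64": base64.b64encode(raw),
        "hex": raw.hex().encode("ascii"),
    }

def scan_tree(root, canaries):
    """Return sorted (relative path, canary label, encoding) for every hit under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                data = fh.read()
            lowered = data.lower()  # hex dumps may be upper- or lower-case
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            for label, secret in canaries.items():
                for enc, needle in encoded_forms(secret).items():
                    haystack = lowered if enc == "hex" else data
                    if needle in haystack:
                        findings.append((rel, label, enc))
    return sorted(findings)

# Constructed canary values typed into the app during the test run.
CANARIES = {"password": "Canary-Pw-7731", "card": "4111111111111111"}

def build_sample_dir(root):
    """Constructed stand-in for an app data directory pulled from a test device."""
    files = {
        # Temporary file left behind with the card number in clear text.
        "cache/tmp_upload.dat": b"card=4111111111111111&amount=10",
        # Password "protected" only by base64, which is an encoding, not encryption.
        "shared_prefs/login.xml": b"<string name='pw'>"
        + base64.b64encode(b"Canary-Pw-7731") + b"</string>",
        # A file that contains neither canary.
        "databases/app.db": b"SQLite format 3\x00" + bytes(64),
    }
    for rel, content in files.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(content)

def run_demo():
    """Build the constructed directory, scan it, and return the findings."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_dir(root)
        return scan_tree(root, CANARIES)

if __name__ == "__main__":
    for finding in run_demo():
        print(finding)
```

An empty result does not prove the data is encrypted; it only shows that none of the searched encodings of the canaries are present.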
1.1.4 Communication Security
1) While the software is running, if a call, SMS, EMS, MMS, Bluetooth, infrared or other communication, or charging, occurs, whether the program can be suspended so that the communication is handled first, and whether the software resumes normally afterwards and continues its original function
2) When a connection is being created, the application can handle the connection being broken by a network interruption and tell the user
3) Should be able to handle communication delays or interruptions
4) The application keeps working until the communication times out, and then sends the user an error message indicating a connection error
5) Should be able to handle network anomalies and notify the user of them promptly
6) When the application is closed or the network connection is no longer in use, the connection should be closed promptly
7) HTTP and HTTPS coverage test
– The app and back-end services generally interact over HTTP; verify that everything works normally in an HTTP environment;
– In public free network environments (such as McDonald's, Starbucks, etc.), where a user name and password must be entered and the network is accessed through SSL authentication, exceptions from the HTTP client library need to be caught and handled.
1.1.5 Human-Machine interface security
1) The return menu always remains available
2) Commands have a priority order
3) Sound settings do not affect the functionality of the application
4) The application must use the full screen size of the target device to display the above content
5) The application must be able to handle unpredictable user actions, such as wrong actions and pressing multiple keys at the same time
1.2 Installation, uninstall test
Verify that the app installs, runs and uninstalls correctly, and check its use of system resources during these operations and before and after them
1.2.1 Installation
1) Whether the software installs normally under different operating systems (Palm OS, Symbian, Linux, Android, iOS, BlackBerry OS 6.0, Windows Phone 7).
2) Whether the software runs normally after installation, and whether the folders and files are written to the designated directory.
3) Whether the combinations of installation options conform to the outline design specification
4) UI test of the software installation wizard
5) Whether the installation process can be canceled and, after Cancel is clicked, whether the files already written are handled as the outline design specification describes
6) Whether the handling of unexpected situations during installation (such as a crash, restart, or power loss) meets the requirements
7) If there is insufficient installation space, whether there is a corresponding prompt
8) No redundant directory structure or files are generated after installation
9) For installations that require network verification, try installing with the network disconnected
10) The installation manual also needs to be tested: whether the software can be installed successfully by following it
1.2.2 Uninstall
1) Whether there is a prompt when uninstalling by directly deleting the installation folder.
2) Whether there is a prompt when uninstalling the program directly through the system.
3) Test whether uninstalling removes all of the installation folders.
4) Test unexpected events during uninstallation (such as a crash, power loss, or restart).
5) Whether uninstall supports cancellation, and the state of the software after Cancel is clicked.
6) UI test of uninstalling directly through the system: whether there is an uninstall status progress bar.
1.3 UI Test
Test whether the layout and style of the user interface (such as menus, dialogs, windows, and other controls) meet customer requirements, whether the text is correct, whether the pages look good, whether text and pictures are well combined, whether the operation is friendly, and so on.
The goal of the UI test is to ensure that the user interface gives the user appropriate access to, and browsing of, the functions of the object under test, and that the user interface complies with company or industry standards. This includes tests of user-friendliness and ease of operation.
1.3.1 Navigation test
1) Navigation between buttons, dialog boxes, lists, windows, and so on, or between different linked pages
2) Whether navigation is easy and intuitive
3) Whether a search engine is needed
4) Whether navigation help is accurate and intuitive
5) Whether navigation is consistent with the page structure, menus, and link style
1.3.2 Graphics Test
1) Horizontal comparison: the controls operate in a uniform manner
2) Adaptive interface design: the content adapts to the window size
3) Whether page label styles are uniform
4) Whether the page is beautiful
5) Pictures on the page should have a practical purpose, and the overall appearance should be orderly
6) The picture quality should be high, and the picture size should be as small as possible while meeting the design requirements.
7) The interface as a whole should not use too many colors
1.3.3 Content Test
1) Whether the explanatory text for input boxes is consistent with the system's function
2) Whether the length of the text is limited
3) Whether the text content is unclear
4) Whether there are typos
5) Whether the information is displayed in Chinese
6) Whether there are sensitive words or keywords
7) Whether there are sensitive pictures, such as pictures involving copyright, patents, privacy, etc.
1.4 Functional Testing
Verify that each function of the app is implemented according to the software description or user requirements, using the following methods to carry out and evaluate the functional testing process:
1) Use the five elements of time, place, object, behavior and background, or business analysis methods, to analyze and refine the app's user scenarios; compare them with the description or requirements; sort out the internal, external and non-functional requirements directly related to them; build test points; and define clear test standards. If the user requirements give no clear standard to follow, refer to industry or relevant international standards or guidelines.
2) According to the characteristics of each function point under test, list the corresponding types of test cases to cover it. For example, where input is involved, consider test types such as equivalence, boundary, negative, abnormal or illegal input, scenario rollback, and correlation tests.
3) At each stage of test implementation, track test execution and coverage of the input requirements, and promptly correct misunderstandings of the business or the requirements.
1.4.1 Run
1) After the app is installed, run it to test whether the software opens normally.
2) When the app opens, whether there is a loading status progress prompt.
3) App opening speed test: whether the speed is acceptable.
4) Whether switching between app pages is smooth and the logic is correct
5) Registration
– Same as the form edit page
– User name and password length
– The prompt page after registration
– Whether the data on the front-end registration page and the back-end admin page are consistent
– After registration, the prompt on the back-end admin page
6) Login
– Log in to the system as a legitimate user.
– Whether the system allows multiple invalid login attempts, and whether the number of attempts is limited.
– Whether logging in with an account that is already logged in is handled correctly.
– Whether logging in with a disabled account is handled correctly.
– Whether login is possible when the user name or password is wrong or missing.
– Login as the original user after that user has been deleted or modified.
– Whether login is allowed when the OK or Cancel button is clicked repeatedly without a user name and password being entered.
– The login information shown on the page after login.
– Whether the page has a logout button.
– Handling of login timeouts.
7) Logout
– After logging out of the original module, the system handles the new module correctly.
– After logout is aborted, the user returns to the original module as the original user.
– After the original user logs out, the system handles the new user correctly.
– Log out using a wrong account, a wrong password, or a disabled account without permission
1.4.2 Application foreground/background switching
1) Switch the app to the background and then return to it; check whether it stays on the last screen used.
2) Switch the app to the background and then return to it; check whether functions and application state are normal. iOS 4 and iOS 5 handle this differently.
3) Switch the app to the background and then back to the foreground; watch for crashes and whether the functional state is normal, especially on pages whose data updates automatically when returning from the background to the foreground.
4) After locking the phone screen and unlocking it back into the app, watch for crashes and whether the functional state is normal, especially on pages whose data updates automatically when returning from the background to the foreground.
5) When the app is in use and an incoming phone call interrupts it, switch back to the app and check whether the functional state is normal
6) After the app process is killed, open the app again; the app can start normally.
7) When a prompt box that requires handling appears, switch to the background and then back, and check whether the prompt box is still there; sometimes the application has the defect of automatically skipping the prompt box.
8) For pages that exchange data, every page must go through foreground/background switching and lock-screen tests; this kind of page is the most prone to crashing.
1.4.3 Login-Free
Many applications provide a login-free function: when the application is opened, it automatically uses the app as the user who last logged in.
1) When the app has a login-free feature, iOS version differences need to be considered.
2) Consider whether the login-free state can be entered normally when there is no network.
3) After switching user login, verify that the user login information and data content are updated accordingly, and ensure that the original user has been logged out.
4) According to the existing rules of Mtop, an account is allowed to be logged in on only one device. So the case of one account logging in on multiple handsets needs to be checked: the user on the original phone needs to be kicked out and given a friendly prompt.
5) Check after switching the app to the background and then back to the foreground
6) Test after switching to the background and then back to the foreground
7) After the password is changed, check whether identity is validly verified when data is exchanged
8) For applications that support automatic login, check during data exchange whether the system can log in automatically and whether the data operations are correct.
9) Check that after the user actively logs out, the next start of the app stays at the login screen
1.4.4 Data Update
Determine the optimal data update scheme according to the application's business rules and how the data is updated.
1) Determine where manual refresh is needed, where automatic refresh is needed, and where manual plus automatic refresh is needed.
2) Determine where data needs to be updated when switching from the background back to the foreground.
3) Based on a reasonable balance of business needs, speed and data traffic, determine which content needs real-time updates and which needs periodic updates.
4) Determine the processing logic of the data display: whether the data is requested from the server every time or cached locally, so that the corresponding tests can be targeted.
5) Check that wherever data is exchanged there is corresponding exception handling.
1.4.5 Offline Browsing
Many applications support offline browsing, where local clients cache part of the data for viewing by the user.
1) Local data can be browsed when there is no network
2) After exiting the app and opening it again, browsing works normally
3) After switching to the background and then back to the foreground, browsing works normally
4) After locking the screen and then unlocking back into the application, browsing works normally
5) When the data on the server has been updated, a corresponding prompt is given while offline
1.4.6 App Update
1) When the client has a new version, there is an update prompt.
2) When the version is not a mandatory upgrade, the user can cancel the update and the old version can be used normally. The user is still prompted to update the next time the app starts.
3) When the version is a mandatory upgrade and the user does not update after the mandatory update prompt is given, the client exits. The next time the app starts, the forced upgrade prompt is still shown.
4) When the client has a new version and the local client is not deleted, update directly and check whether the update works normally.
5) When the client has a new version and the client is not deleted locally, check whether the functions of the updated client are those of the new version.
6) When the client has a new version and the local client is not deleted, check whether resource files with the same name, such as pictures, are updated to the latest version. If the above cannot be updated successfully, it is also a defect.
1.4.7 Positioning and Camera Services
1) When the app uses camera or positioning services, pay attention to system version differences
2) Where positioning or camera services are used, foreground/background switching tests are needed to check whether the application works normally.
3) When the positioning service is used while the location service is turned off, a friendly prompt pops up asking whether to allow positioning to be set up. When the user confirms that positioning may be turned on, the app automatically jumps to the positioning settings so that the service can be turned on.
4) Positioning and camera services need to be tested on a real device.
1.4.8 Time Test
The user can set the phone's own time zone, so the effect of this setting on the app needs to be verified.
– China is in the East 8 time zone, so when the phone is set to a time zone other than East 8, look at the places where a time is displayed to see whether it is displayed correctly and whether the application functions normally. Time usually needs to be converted from the server time to the client's time zone for display, which gives a better user experience. For example, a microblog post is recorded on the server as published at 10:00, when the time in Washington is 22:00; if the client browsing it is set to Washington time, the publication time is displayed as 22:00, and when the time zone is set back to East 8, it is displayed as 10:00.
1.4.9 Push Test
1) Check whether push messages are sent according to the specified business rules
2) When the user has chosen not to accept push messages, check that the user no longer receives pushes.
3) If the user has set a do-not-disturb time period, check that the user does not receive pushes during that period.
During periods that are not do-not-disturb periods, the user receives pushes normally.
4) When a push message is intended for a logged-in user, check that the push received matches the user's state and that other people's messages are not pushed by mistake. In general, pushes are sent only to the last user logged in on the phone.
5) Push needs to be tested on a real device.
1.5 Performance Test
Evaluate the time and space characteristics of the app:
1) Limit test: under various boundary stress conditions, such as battery, storage, network speed, etc., verify that the app responds correctly.
– Install the app when the memory is full
– The phone loses power while the app is running
– The network is disconnected while the app is running
2) Response capability test: test whether the various operations in the app meet the user's response time requirements.
– App installation and uninstallation response time
– Response time of the app's various functional operations
3) Stress test: under repeated/long-term operation, whether system resource usage is abnormal.
– Repeatedly install and uninstall the app and check whether system resources are normal
– Repeatedly operate other functions and check whether system resources are normal
4) Performance evaluation: evaluate the usage of system resources under typical user scenarios.
5) Benchmark test (baseline test): benchmarking against competing products, product evolution comparison tests, etc.
1.6 Cross Event Test
Cross-event testing is a test method proposed for the way smart terminal applications divide service levels and for their real-time characteristics. Cross-event testing, also called event or conflict testing, is a test in which another event or operation interferes while a function is executing, for example interaction tests between the app running in the foreground/background and key applications such as calls, file downloads, and music playback. Cross-event testing is important for identifying potential performance problems in many applications.
Whether running multiple apps at the same time affects normal functionality
Whether foreground/background switching while the app is running affects normal functionality
Making/answering phone calls while the app is running
Sending/receiving messages while the app is running
Sending/receiving mail while the app is running
Switching networks (2G, 3G, WiFi) while the app is running
Browsing the network while the app is running
Sending/receiving data over Bluetooth while the app is running
Using the camera, calculator and other built-in phone features while the app is running
1.7 Compatibility test
Mainly test internal and external compatibility
1) Whether the app is compatible with local and mainstream apps
2) Based on the differences between the development environment and the production environment, test whether app data and usage are correct over various network connections (WiFi, GSM, GPRS, EDGE, WCDMA, CDMA1x, CDMA2000, HSDPA, etc.)
3) Compatibility with a variety of devices; if there is cross-system support, test whether the behavior is consistent across the systems
– Compatibility and adaptation across different operating systems
– Compatibility with different phone screen resolutions
– Compatibility with different phone brands
1.8 Regression Test
1) After bugs are fixed and a new version is released, regression testing is required.
2) After bug fixes, regression testing with the full set of test cases should be carried out before delivery.
1.9 Upgrade, update test
After a new version is released, run verification tests of the automatic update prompt and of download, installation, update, startup and running under different network environments.
1) Test whether the upgraded functionality matches the requirements specification
2) Test whether the modules related to the upgraded module are consistent with the requirements
3) Test unexpected events during upgrade installation (such as a crash, power loss, or restart)
4) UI test of the upgrade interface
5) Upgrade tests across different operating systems
1.10 User Experience Test
Perceive the comfort, usefulness, ease of use and friendliness of a product or service from the subjective standpoint of an ordinary consumer. Evaluate the experience characteristics of the product effectively through different individuals, independent spaces and non-empirical statistical reuse methods, in order to improve the product's potential customer satisfaction.
1) Whether there is an empty-data interface design that guides the user on what to do.
2) Whether user guidance is misused.
3) Whether unavailable controls are shown as non-clickable, for example: if a button is not available at the moment, it must be grayed out or removed, otherwise it will mislead the user
4) Whether the menu hierarchy is too deep
5) Whether the interaction flow has too many branches
6) Whether related options are too far apart
7) Whether too much data is loaded at once
8) Whether the clickable area of buttons on the interface is appropriate
9) Whether a tab and its content lack a clear relationship; when the tab is switched, the content should switch with it
10) Operations should have a primary and secondary order
11) Whether the logic of Back is defined. Where software and hardware interaction is involved, the Back key should be specifically defined
12) Whether there is a landscape mode design; applications generally need to support landscape mode, that is, adaptive design
1.11 Hardware Environment Test
1.11.1 Gesture Operation Test
1) Effect of locking and unlocking the phone screen on the running app
2) Effect of switching networks on the running app
3) Effect of foreground/background switching on the running app
4) Switching between multiple running apps
5) Shutting down while the app is running
6) Restarting the system while the app is running
7) Charging while the app is running
8) Killing the process while the app is running and then opening it again
1.11.2 Network Environment
Mobile phone networks are mainly 2G, 3G and WiFi. 2G is currently relatively slow, so pay particular attention to it when testing.
1) When there is no network, performing an operation that needs the network gives a friendly prompt, and the program does not crash.
2) When testing on an intranet, pay attention to exception handling when an operation goes to the external network.
3) When the network signal is poor, check whether the functional state is normal, and make sure that a failed data submission does not cause a crash.
4) When the network signal is poor, check whether data stays in the submitting state indefinitely, with no timeout limit. If the data exchange fails, a prompt should be given.
5) When the network signal is poor, after performing an operation and before its callback has completed, leave the page or perform other operations and check for abnormal behavior. This problem also frequently causes program crashes.
1.11.3 Tests with server downtime or 404, 502, etc.
Back-end services depend on DNS and hosting providers, which affect their stability. For example, when domain name resolution fails, your request to the back-end API is likely to get a 404 error and throw an exception. The exception needs to be handled properly, or the program may not function correctly.
1.12 Interface Test
The server side typically provides JSON-formatted data to the client, so interface testing on the server side is needed to ensure that the interfaces the server provides work and convert the JSON content correctly, and that branch and exception flows have corresponding return values. This testing can be done with the ITest framework. The most convenient way is to use HttpClient for interface testing.
When conducting server-side testing, the developers need to provide an interface document.
1.13 Client Database Testing
1) General create, delete, update and query tests.
2) Whether a table is created automatically when it does not exist, whether it is rebuilt after the database table is deleted, and whether the data is automatically fetched from the server again and saved.
3) When the business needs to fetch data from the server and save it to the client, whether the client saves the data locally.
4) When the business needs to take data from the client: when the client data exists, whether the app data is taken automatically from the client data or is still fetched from the server; when the client data does not exist, whether the app data is automatically fetched from the server and saved to the client.
5) When the business modifies or deletes data, whether the client and the server are updated accordingly.