Mobile app Test "4"--Special test

The following questions:

Crash

Device compatible

Excessive traffic usage

APP causes users to consume too fast battery

Instability in different network situations, such as the problem of white screen and death

For a particular aspect or problem, call it a special test.

such as compatibility test, flow test, battery test, weak network test, stability test, safety test and environment related test

A compatibility test

Functional testing, but focused on different hardware and software environments

1 Environment Preparation

For apps, you'll typically consider:

OS version, screen resolution, ROM for different manufacturers, network type

2 Cloud testing scenarios based on UI automation scripts

such as Testin

Two-flow test

Traffic consumption: User's operation, background "the user is not directly used in the case of traffic consumption"

1 Unique traffic testing methods for Android apps

A) based on the system's own statistical functions

PROC/UID_STAT/[UID]/tcp_snd

Proc/uid_stat/[uid]/tcp_rcv

2 IOS APP-specific traffic test methods

A) View network traffic through Instruments's own networks

　　　　

3 General-purpose flow test methods

Grab a bag on your phone

Windows "Wireshark", Linux "tcpdump", Android "tcpdump"

Tcpdump-s 0-w T1.pcap-v

Access to traffic data based on the WiFi proxy

Automated Traffic Statistics Program:

The Fidder tool is typically used for HTTP capture and manual analysis

4 common ways to save on traffic

Data compression, adoption of different data formats, control of frequency of access, acquisition of only necessary data

Cache "required, control cache expiration and update policy", design different access policies for different network types

　　

Three-battery test

1 Android Battery test method

1) test plan based on hardware, can accurately test the battery consumption situation of the phone

GSam Battery Monitor Pro View power consumption

2) Use a 3rd party app to evaluate the power consumption of each app on your phone

2 IOS Battery test method

　　　　

Four Weak network test

When the network environment is complex, the App only exposes some problems

1 Network Condition Simulation tool with mobile phone

Support for Android is not good, primarily for iOS

2 simulation of weak network based on agent

Network Delay Simulator under Windows

Network Link Conditioner under Mac

　　　

Five stability tests

1 stability test based on Monkey

Monkey is a self-contained Android system, written by Java, in the path of Android/system/framework.monkey.har

The location of the shell program/system/bin/monkey

Monkey-p app_name-v Show Information at execution count number of events sent

Monkey can simulate: APP Click, Swipe, Key-input, also simulates the operation of various mobile systems, adjust the volume, open the notification bar, change network status, lock screen

Monkey test Stop condition, mainly has

1) The number of executions.

2) If the Monkey movement is limited to one or several specific packages, it will be terminated when it detects an attempt to transfer to another package.

3) application crashes or receives any out-of-control anomalies, Monkey will stop and error

4) Application A ANR "application not Responding" error occurred, Monkey will stop and error

"NOTE" Monkeyrunner and Monkey do not have any connection

Monkeyrunner is a toolkit that provides a number of APIs that can control Android devices and emulators outside of Android code, and Monkeyrunner can use their own code to launch apps and control the sending mode, compared to Monkey's uncontrollable analog events. The intended keystroke operation

Android ANR is a relatively easy to encounter stability issue that occurs when the APP encounters one of the following two scenarios application not responding

A) input events not responding to completion within 5 seconds, such as tapping the screen, keystrokes and other operations

b) broadcastreceiver not executed within 10 seconds

One of the common causes of ANR is that it takes a long time to perform operations on the main thread

Android ANR logs stored in/data/anr/traces.txt

Includes the stack information for each thread of the APP, which developers can use to troubleshoot the file.

3 Research on the method of stability testing based on fuzzy test idea

Using the idea of fuzzy testing fuzzing test, fuzzy test often users do security test, exploit security loopholes.

Six safety tests

1 installation package Test

1) can you decompile the code,

View source code with the Dex2jar tool in conjunction with the Jd-gui tool

2) Whether the installation package is signed

iOS no need to consider

Android does not have this type of check, you need to check before publishing the key used by the signature is correct, in case of malicious third-party applications to overwrite the installation and other issues

Check:jarsigner-verify-verbose-certs APK Package Path

3) Integrity check

The MD5 value of the check installation package can be automated

4) Permission setting check

On the Android platform, we can directly check the manifest file to read all the permissions required by the app

IOS is a reminder when the APP uses other permissions

2 Sensitive information Testing

1) Whether the database stores sensitive information

For example, if a cookie is saved to a database and someone else finds it, the information will be lost.

In general, sensitive information needs to be deleted after the user logs off, such as Cookie class data, it is recommended to set a reasonable expiration time

2) Whether sensitive information is present in the log

3) Whether the configuration file has sensitive information

3 Soft Keyboard Hijacking

For example, a financial app that cannot use a third-party soft keyboard, but should use a soft keyboard that comes with its own

4 account Security

For account security, we generally need to focus on a few points

1) password

2) Policy

3) session

4) Logout

5 Data Communication Security

6 Component Safety Testing

Whether the various components of the Android platform can be invoked maliciously by external applications, resulting in some security issues, including Activity, Service, ContentProvider, broadcase, etc., using the test method, by using the Droz ER tools + code

1) service-side interface testing

SQL, XSS, CSRF, ultra vires

7 Environment-related tests

For example, some apps use cameras, acceleration sensors and other hardware

1) Interference test

Receive phone, SMS, notification bar information, no power alert box popup, third-party software alarm Box Popup

2) Permission test

The user has banned certain permissions, causing the UI to be unfriendly and the program crashing

3) Boundary conditions

The environment of the mobile phone itself

Reduced available storage space, no SD card/dual SD card, airplane mode, System time error, third party dependent

4) Android Location test

White box mode because the location code eventually gets a positional object, we only need to manually set the latitude and longitude to test after acquiring the location object.

Simulator simulation

　　

　　　　　　　　　　　　

　　　　　　　　

　　

　　　　　　

Mobile app Test "4"--Special test