The following questions:
Crash
Device compatible
Excessive traffic usage
APP causes users to consume too fast battery
Instability in different network situations, such as the problem of white screen and death
For a particular aspect or problem, call it a special test.
such as compatibility test, flow test, battery test, weak network test, stability test, safety test and environment related test
A compatibility test
Functional testing, but focused on different hardware and software environments
1 Environment Preparation
For apps, you'll typically consider:
OS version, screen resolution, ROM for different manufacturers, network type
2 Cloud testing scenarios based on UI automation scripts
such as Testin
Two-flow test
Traffic consumption: User's operation, background "the user is not directly used in the case of traffic consumption"
1 Unique traffic testing methods for Android apps
A) based on the system's own statistical functions
PROC/UID_STAT/[UID]/tcp_snd
Proc/uid_stat/[uid]/tcp_rcv
2 IOS APP-specific traffic test methods
A) View network traffic through Instruments's own networks
3 General-purpose flow test methods
Grab a bag on your phone
Windows "Wireshark", Linux "tcpdump", Android "tcpdump"
Tcpdump-s 0-w T1.pcap-v
Access to traffic data based on the WiFi proxy
Automated Traffic Statistics Program:
The Fidder tool is typically used for HTTP capture and manual analysis
4 common ways to save on traffic
Data compression, adoption of different data formats, control of frequency of access, acquisition of only necessary data
Cache "required, control cache expiration and update policy", design different access policies for different network types
Three-battery test
1 Android Battery test method
1) test plan based on hardware, can accurately test the battery consumption situation of the phone
GSam Battery Monitor Pro View power consumption
2) Use a 3rd party app to evaluate the power consumption of each app on your phone
2 IOS Battery test method
Four Weak network test
When the network environment is complex, the App only exposes some problems
1 Network Condition Simulation tool with mobile phone
Support for Android is not good, primarily for iOS
2 simulation of weak network based on agent
Network Delay Simulator under Windows
Network Link Conditioner under Mac
Five stability tests
1 stability test based on Monkey
Monkey is a self-contained Android system, written by Java, in the path of Android/system/framework.monkey.har
The location of the shell program/system/bin/monkey
Monkey-p app_name-v Show Information at execution count number of events sent
Monkey can simulate: APP Click, Swipe, Key-input, also simulates the operation of various mobile systems, adjust the volume, open the notification bar, change network status, lock screen
Monkey test Stop condition, mainly has
1) The number of executions.
2) If the Monkey movement is limited to one or several specific packages, it will be terminated when it detects an attempt to transfer to another package.
3) application crashes or receives any out-of-control anomalies, Monkey will stop and error
4) Application A ANR "application not Responding" error occurred, Monkey will stop and error
"NOTE" Monkeyrunner and Monkey do not have any connection
Monkeyrunner is a toolkit that provides a number of APIs that can control Android devices and emulators outside of Android code, and Monkeyrunner can use their own code to launch apps and control the sending mode, compared to Monkey's uncontrollable analog events. The intended keystroke operation
Android ANR is a relatively easy to encounter stability issue that occurs when the APP encounters one of the following two scenarios application not responding
A) input events not responding to completion within 5 seconds, such as tapping the screen, keystrokes and other operations
b) broadcastreceiver not executed within 10 seconds
One of the common causes of ANR is that it takes a long time to perform operations on the main thread
Android ANR logs stored in/data/anr/traces.txt
Includes the stack information for each thread of the APP, which developers can use to troubleshoot the file.
3 Research on the method of stability testing based on fuzzy test idea
Using the idea of fuzzy testing fuzzing test, fuzzy test often users do security test, exploit security loopholes.
Six safety tests
1 installation package Test
1) can you decompile the code,
View source code with the Dex2jar tool in conjunction with the Jd-gui tool
2) Whether the installation package is signed
iOS no need to consider
Android does not have this type of check, you need to check before publishing the key used by the signature is correct, in case of malicious third-party applications to overwrite the installation and other issues
Check:jarsigner-verify-verbose-certs APK Package Path
3) Integrity check
The MD5 value of the check installation package can be automated
4) Permission setting check
On the Android platform, we can directly check the manifest file to read all the permissions required by the app
IOS is a reminder when the APP uses other permissions
2 Sensitive information Testing
1) Whether the database stores sensitive information
For example, if a cookie is saved to a database and someone else finds it, the information will be lost.
In general, sensitive information needs to be deleted after the user logs off, such as Cookie class data, it is recommended to set a reasonable expiration time
2) Whether sensitive information is present in the log
3) Whether the configuration file has sensitive information
3 Soft Keyboard Hijacking
For example, a financial app that cannot use a third-party soft keyboard, but should use a soft keyboard that comes with its own
4 account Security
For account security, we generally need to focus on a few points
1) password
2) Policy
3) session
4) Logout
5 Data Communication Security
6 Component Safety Testing
Whether the various components of the Android platform can be invoked maliciously by external applications, resulting in some security issues, including Activity, Service, ContentProvider, broadcase, etc., using the test method, by using the Droz ER tools + code
1) service-side interface testing
SQL, XSS, CSRF, ultra vires
7 Environment-related tests
For example, some apps use cameras, acceleration sensors and other hardware
1) Interference test
Receive phone, SMS, notification bar information, no power alert box popup, third-party software alarm Box Popup
2) Permission test
The user has banned certain permissions, causing the UI to be unfriendly and the program crashing
3) Boundary conditions
The environment of the mobile phone itself
Reduced available storage space, no SD card/dual SD card, airplane mode, System time error, third party dependent
4) Android Location test
White box mode because the location code eventually gets a positional object, we only need to manually set the latitude and longitude to test after acquiring the location object.
Simulator simulation
Mobile app Test "4"--Special test