How did this happen? A consequence of poor inter-app security testing.
Mobile platforms have been evolving at a scorching pace. Smartphone manufacturers aggressively compete with each other to build platforms that feature inter-app sharing, audio, and communication support for third-party apps with open-system APIs. This has significant pay-offs – low system utilization, high delivery ratio and low delivery time, among others. However, the drawbacks are several – these include vulnerability to app attacks, poor data security and user privacy violations. Moreover, the rapid rate at which the mobile app market is growing only compounds the problem of app security.
Handheld devices by their very design are meant to be compact. Therefore, optimizing computing resources during inter and intra-app communication or message passing, is a crucial requirement. This, in turn, mandates that data exchanges take place between apps or app components that are shared or reused. However, this leads to content theft and misuse if the data transfers are unsecure.
Inter-app testing helps mitigate these risks. It analyzes the linked functionalities of two or more apps that are accessible from a single app and without incurring losses in app or device performance, uses services called intents, binders and bundles to plug security holes and seal permission leaks.
Inter-app testing includes three types of tests:
- Functionality tests
- Security tests
- Compatibility tests
It also requires a two-step approach:
- First, differentiate between two types of intents – ‘explicit’ and ‘implicit’ – and test the intent filters.
- Next, test how a given intent impacts its associated app components and their constituents (activities, services, broadcast receivers and content providers).
After carrying out inter-app testing, verify your results by checking for functionality conflicts, security breaches and compatibility issues. Here are a few points to keep in mind while doing so:
- Functionality conflicts
- Security breaches
- Compatibility issues
A thorough understanding of the Android philosophy, expertise in the OS and proficiency in developing supported apps will enable tomorrow’s mobile-phone tester to create and adapt test methodologies that replicate and scale well.
Mobile inter-app testing has increasingly become strategic for business and other organizations in the Web 2.0 era. It has key benefits for privacy, user-friendliness and cost-effectiveness. With handheld devices proliferating in billions, and phone and tablet apps in millions, inter-app testing is set to become a make-or-break assurance mechanism worldwide.
Blog: Assuring mDevices for eBusiness