Testdroid Brings Security and Vulnerability Testing for Android Developers


Dear Testdroiders,

We’re so excited to introduce you to the new Testdroid service for security and vulnerability testing – the integration of Testdroid Cloud with the Codenomicon security suite. This service works now with Android applications, but soon we’ll provide it for iOS apps as well. If you are wondering what your app is made of – something that you probably didn’t know about your app – try it out and you’ll be surprised!

The majority of today’s applications consist largely of third-party code/libraries and application-specific glue to hold everything together. This is a prudent and well-accepted development practice that offloads the task of developing code for non-core functions of the application. Each piece of third-party code has an associated license whose terms can affect the distribution and licensing of your application.

Security Testing

Testdroid Cloud now provides an integration with Codenomicon’s security test suite – APPCHECK – that scans applications and lists the known vulnerabilities and software licenses associated with the contained code and libraries. This security test feature uncovers third-party code and libraries, both open source and proprietary, and enumerates the CVE (Common Vulnerabilities and Exposures) identifiers, as well as the associated software licenses. The user just needs to upload an APK file to find out what’s inside, and no source code is required. Get the information you need in just a minute.

Identifying third-party code, its vulnerabilities and its licenses is critical to understanding your security exposure and your liability. Testdroid’s security and vulnerability service uses Codenomicon’s patent-pending binary scanning technology to provide the following key functions:

  • Identify third-party software packages and third-party libraries
  • Identify binding software licenses for third-party code in the scanned application
  • Identify vulnerabilities in third-party components that could be security risks in your application
  • Get alerts based on a saved application fingerprint when new vulnerabilities are reported against the components it uses
  • Easy-to-use interface: just press a button to upload your binary and results are delivered in a minute

Who will find this service extremely useful?

One great example is mission- and safety-critical applications, such as mobile banking and payment applications. Mobile banking and the use of mobile devices to carry out financial transactions have become prominent around the world. With the proliferation of mobile devices (and bank apps) globally, millions of end-users are keen to have financial data available at their fingertips using their smart devices. Banks and financial service companies face new challenges in building secure applications for their customers. This integration is a giant leap to ensure an app runs fine on a whole array of Android devices.

The second great example is video streaming and media service applications. As data is critical to users, malicious software (or people) can exploit users’ data. Any security weaknesses and vulnerabilities in video streaming can cause severe issues for people using these applications. As application updates through Google Play get automatically pushed out, it is also very important to make sure those apps work well on all Android devices.

Finally, any mobile app/game developer dealing with open source components – and embedding those in their apps – should take a look at this service. It will provide excellent information about those components, plus information about potential vulnerabilities in those applications targeted for end-users.


How to access this service?

Just in case you don’t have credentials to Testdroid yet, please go through the following steps to access this service:

  1. Create an account in Testdroid at https://cloud.testdroid.com/
  2. Activate your account by clicking the activation link sent to you via email
  3. Log in and create a new Android project
  4. For the test type, if you don’t have your own tests, select “App Crawler”. If you have Robotium or uiautomator tests, select “Full test run”. Click “Create new test run”.
  5. Upload your APK and check “Execute security tests”
  6. Click Start new test run.

Now your app will be executed on 15 Android devices and you’ll get the test results in minutes. The security tests will be executed at the same time, and you will find the summary and detailed results under your test run in the Security tests panel.


This service can be purchased from Testdroid Cloud.

Happy security testing!