What Testers Need To Know About The Blackphone Bug Bounty Program

Silent Circle has implemented a bug bounty program for its Blackphone through the Bugcrowd platform. The project aims to root out vulnerability issues in the company’s proclaimed “surveillance-proof” device. The concept is simple: software testers work with the company’s PrivatOS and earn a $128 bounty for every bug found and reported.

What Is Blackphone?

Silent Circle’s Blackphone comes pre-installed with specialized apps and software designed to protect users’ privacy. This includes silent communications technology that enables anonymous internet browsing and VPN connections, wireless network security, private cloud storage, and call and text message encryption.

Blackphone runs on PrivatOS, a heavily modded version of Android OS 4.4 “KitKat” that includes Silent Circle’s own ‘silent’ features for keys, contacts, calls, and texts. The versatile services let users send and receive calls and texts, move, store, and manage files, and make video calls under the premise that they will not be tracked, recorded, or otherwise breached.

The ‘silence’ works by establishing failsafe security lines between compatible phones. The service uses auto-generating and deleting encryption technology that creates and deletes keys. To ensure maximum protection, the keys are never stored on the phone or transferred to Silent Circle.

How Does The Bounty Program Work?

Launched by Silent Circle, the bug bounty program encourages security testers to unveil and discreetly report vulnerabilities in the Blackphone’s apps, network services, and cloud offerings. The program also includes Blackphone-related websites and web offerings. For the phone’s PrivatOS, the bounty program includes integrated apps, OS updates, server vulnerabilities, and issues with the web portal.

The Blackphone bug bounty program pays at least $128 to anyone who uncovers and reports new security issues or exploits affecting the phone. The company may adjust the amount depending on the severity of the vulnerability and other factors, and cannot be legally barred from issuing a reward. For someone to qualify, they must:

  • Be the first to report the vulnerability
  • Report a vulnerability that meets the program criteria
  • Not publicly announce the vulnerability before Blackphone’s decision
  • Not currently work for Blackphone or partner organizations

The program excludes descriptive error messages, 404 HTTP error codes, issues specific to clickjacking and self-XSS exploits, logout cross-site request forgery (CSRF) and other vulnerabilities found on the project page.

Reaching The Pinnacle Of Security

Former Blackphone CEO Toby Weir-Jones announced that the company aims chiefly to ensure user privacy and prioritize security. Through the Bugcrowd-based bug bounty program, the Blackphone’s weaknesses can be exposed – and patched. Current CEO Bill Conner, appointed in January, announced his intent to succeed where BlackBerry failed and knight Silent Circle as the new Apple.

The Silent giant may not conquer Apple anytime soon, but its bug bounty program is helping the Blackphone reach new heights of data security and privacy. The program came into being after hackers breached the Blackphone at the Las Vegas Def Con hacker conference in 2014.

While a truly invulnerable device probably won’t escape the dreams of a technophile, makers of the Blackphone hope to make their device the most secure on the market.

“Our belief is that you have to go to next generation architecture, like mobile, that is more secure in some ways, but still has its liabilities,” says Conner. “We are trying to intercept the next generation architectures from devices to application suites to the networking services to do that.”

Blackphone is the brainchild of Silent Circle, who bought out partner Geeksphone to gain full ownership of its former joint identity, SGP Technologies. Equipped with the latest version of PrivatOS, the Blackphone combines personalization with what Silent Circle deems “truly surveillance-proof” technology. For bug testers, the Blackphone represents a unique opportunity to gain insight into the latest security developments and earn some respectable spending money.

Edgar L

3 Top Choices For Automated Testing

When it comes to precision in automated mobile app testing for 2015, there are at least three frontrunners that stand out for Android and iOS: Appium, Calabash, and MonkeyTalk. While these software test automation resources have some stiff competition, open source and automation opportunities make it easy for these tools to rise to the top. Like most great test automation tools, these tools are widely known for testing the code, graphical user interface (GUI), and application programming interface (API), including these necessary functions: improvements for product installs, appropriate test data, troubleshooting for problems or defects, GUI interactivity capabilities, and more. This feature list is likely to be present with any good automated testing software, but the demand for user experience (UX) places the top three choices in a category of their own.

Appium Is All Inclusive

Appium is the open-source solution for automating native, mobile, or hybrid apps built for both Android and iOS platforms. While native apps use software development kits that are standard with Android or iOS, mobile apps are web apps users access from a mobile browser. Known as the “cross-browser mobile automation tool,” Appium is developed by Sauce Labs and relies on JSON wire protocol under Selenium WebDriver. The beauty with Appium for many developers is that it supports Chrome or another local browser on an Android platform and Safari on the iOS platform. Appium offers support for a hybrid app as well, for native and mobile web interactivity. The Appium tool, unlike its counterparts, does not require an extra compiling agent for app code for mobile app interaction. As well, Appium’s cross-platform capabilities make it a perfect choice for using the same tests across the board.

Calabash Uses Object-Oriented Languages

When you seek an automated acceptance-testing option for a mobile app, Calabash is the popular answer to your quest. Also using open source, Calabash provides an application programming interface (API) specifically for native apps that run on touch screens. Keep in mind the huge difference between the interactivity possible on a web app from a desktop versus the native touch screen options on a mobile device. Calabash uses Cucumber and Ruby for writing tests, which comes with some accolades for being easily understood by those in the non-technical community. While Calabash succeeds best in building a diverse open source community, testing the precise app, writing tests in any language, and using standard automation and APIs are not as seamless. Calabash is backed and developed by Xamarin.

MonkeyTalk Wins In Popularity

MonkeyTalk by Cloud Monkey has a reputation for a broad range of basic to advanced tests for Android and iOS apps that are real-time, functional, and interactive. Also using open source (community edition) for its automated testing, MonkeyTalk is described as a powerful cross-platform tool providing, “a seamless workflow, high productivity, and minimum hassle.” It will record and play test scripts for Android and iOS apps as well as hybrids. According to an article by Stu Stern, Gorilla Logic, in Monkeytalk Alternatives—Which Automation Tool is the best, “While many automation engineers have mastered the available tools for automating web application testing, mobile applications require new kinds of tools that understand the richer palette of user interface components and gestures that comprise modern mobile application interfaces.” Stern introduces MonkeyTalk as a popular mobile app test tool for native Android, iOS, HTML5, and Adobe Flex apps.

The choices for automated mobile app testing are expanding rapidly, but for now these top choices are holding their own in the development community. With the daily research and expansion in mobile and web app development, automated app testing software is one of the key components to the success of a business app for expanding companies.

Marsha J

Best Tools For Load Testing Your Application

Managing a web or mobile application can be complicated, especially with hundreds, thousands, or even millions of users waiting in anticipation for its official launch. Knowing some of the best load testing tools that are available for cloud infrastructure setups is a way for you to ensure you are ready to go live whether you are selling products and services or simply sharing content to millions of users worldwide. Testing the load of an application or mobile product on multiple network services is a way for you to guarantee your uptime while ensuring you are able to deliver the products and content you need to your own users and potential customers.

Finding the Right Testing Tools

Finding the right testing tools for your network and when working in the cloud is essential prior to launching a new system or application for alpha or beta users to begin trying. Knowing the type of load you are capable of handling is a way to launch any app live without the worry of lag or shutting down entirely.

Consider Your Network and Audience

Before looking for the right usability and testing tools, be sure to consider the network and audience you are appealing to with your brand and the mobile tool or script you are sharing. Having a thorough understanding of the demographic you want to appeal to is a way to eliminate testing services and cloud networks that are not ideal for the type of content, products, or services you want to share.

Consider Your Budget

Before you begin comparing different mobile applications and tools to keep content, data, and information safe, consider the budget you have available for the testing software and services you require. Many application testers today are available free of charge to test before choosing a system you want to use permanently when loading content and sharing products with others.

Some of the Most Popular Testing Tools for Mobile Applications and Development

Before you begin sharing products or showcasing any of the content your business has to offer, consider comparing some of the most popular testing tools for mobile app development on the market today. Taking the time to compare some of the most well-known mobile app tools is a way for you to ensure you are getting everything you need out of your mobile platform without having to do all of the testing on different networks yourself.

AgileLoad

AgileLoad is one of the most popular options available for load testing with new mobile apps as it is free of charge and provides insight into the various types of issues you may experience when running your own app. The app itself is free to use, provides full support, free scripting, and it is highly customizable–perfect for companies interested in branding the backend tools and systems in place.

Load Impact

Load Impact is another free tool available for mobile app developers and testers alike. Along with the tool itself being free of charge, it also offers a pay-as-you-go system for those who enjoy the application and want to continue utilizing it for their own business over time. The tools allow individuals to load test large scenarios while working with multiple businesses and groups of potential customers and consumers. Real-time testing is one of the biggest advantages of using Load Impact for any business model.

Keynote KITE

Keynote KITE is another free software tool to use to help with monitoring and balancing the load users have over a network and infrastructure you have set up and developed. The system is free to use, easy to work with, and even allows users to share data between one another, making it simple to communicate and stay up to task with all mobile app sharing tools and developments.

Ashley Q

5 Open Source Testing Tools For App Developers

Open source can be a developer’s best friend. When it comes to app testing, open source solutions can give developers a cheap and effective means of performing basic quality assurance.

Why open source testing tools? Apart from the fact that you always want to make sure that your hard work is moving towards the right direction, you also want to make sure that you’re releasing the best possible product. In the world of mobile apps where countless new pieces of software are being released on a daily basis, you can’t just have an “OK” or even a “good enough” launch and hope to survive in the marketplace. You need a great one to get people’s attention in the quickest way possible.

Open source testing tools are just one way in which you and your team can accomplish that goal. Here are five open source testing tools in particular that are more than worth your time.

1. Monkey Talk

Monkey Talk bills itself as “the world’s greatest mobile app testing tool.” When you take a look at the feature set being offered, it’s easy to see why. Monkey Talk works for both the iOS and the Android platforms and can test a variety of different platforms including native apps, mobile apps, hybrid apps and more. You can perform data-driven tests, smoke tests and nearly anything else to make sure that your software has the launch that you need.

2. Appium

Appium is a tool used to perform automation tests for native, web and hybrid mobile applications. Like Monkey Talk, it also works for both the iOS and Android platforms. The tool is an incredibly valuable one for both SDKs (meaning apps that were written specifically for Android or iOS) and applications that are tested via some type of mobile web browser (like the mobile Safari web browser that comes natively installed on all iPhone devices).

3. Frank

Frank is an open source mobile application testing utility designed specifically for the iOS operating system. The great thing about Frank is that it allows you to write specific structured text tests based on exactly what it is that you’re trying to accomplish. In addition, you can also create detailed acceptance tests based on a list of pre-defined requirements that will then be used to test your iOS app so that you can have actionable information about what works, what doesn’t and what still needs to be done.

4. Robotium

Robotium is a testing automation utility designed specifically for mobile apps that run on the Android platform. Not only does Robotium give users the ability to conduct regular unit tests based on a pre-existing library, but developers can also write essentially any test that they’d like for quality control purposes based on Java. The GUI is sleek and clean and the application itself is incredibly easy to use.

5. Sikuli

One of the most important aspects of your mobile app will always be the graphical user interface. You can lay in all of the features in the world and create a truly “one size fits all” piece of software, but if it’s cumbersome or otherwise difficult to use it won’t be able to get any type of traction.

Sikuli aims to fix all of that. It’s a completely open source tool used to automate the process of testing the graphical user interface of your apps. You can create scripts that, when used in conjunction with the built-in screenshot feature, allow you to easily control every last aspect of the GUI. Screenshots can be added into your test with just the click of a single button, allowing you to completely automate the testing process and accomplish a significant amount in a very small period of time.

Stephen L

Healthcare Apps: Time For A Second Opinion?

It’s one thing to trust an app that counts your steps throughout the day. It’s another thing to trust an app that helps to diagnose you with a serious illness. As the number of healthcare apps continues to grow, the question remains: Can healthcare apps be trusted?

This is becoming a key question lately for consumers, healthcare professionals, app developers and the media – and it’s one that we wanted to briefly address in today’s post.

There’s a sound reason why the general public places their trust in prescription drugs and medical devices – namely, regulation. But while the United States Food and Drug Administration (FDA) regulates most medical devices, they review very few applications. At this point in time, experts say that the FDA’s power and efforts aren’t nearly enough to cover the estimated 97,000 health apps currently in the app stores – a number that will only continue to grow in all likelihood.

While these apps hold great promise, they also have the potential to cause great harm, as InformationWeek.com recently noted:

Without a new approach [to regulation], consumers risk aggravated conditions or even death due to poorly designed, fraudulent, or dangerous technologies, these critics say. Healthcare providers, too, find it increasingly difficult to discern valid from invalid apps, making it tougher to recommend mHealth apps to motivated patients.

In a recent editorial published in The New England Journal of Medicine, health law expert Nathan Cortez and his colleagues also questioned the validity of the promises made by many of these apps to improve health and reduce medical error. While a large number of health apps are out there simply to help consumers track their exercise or dieting habits, there are plenty of other apps that pose a more concerning risk to their faithful users. Apps that handle issues like managing insulin doses for diabetic patients, for example, could simultaneously affect an entire userbase if a single mistake or bug enters into the app’s infrastructure, assuming the app could be deemed safe and trustworthy from the start.

According to Cortez, “Early studies evaluating whether these apps work or not tend to paint a pretty dim picture of them. The results aren’t that promising.”

Localizing Your App? Some Things to Keep in Mind

What works in one market will fail miserably in others. Not only is this true for physical consumer products – it’s also true with regard to mobile apps. Hence the dramatic uptick in localization testing over the last decade.

Of course, localization testing often highlights issues after the fact, once the app has already been developed, and in some cases, launched. So how can you ensure that your app’s international success equals (or exceeds) its domestic success before launch?

Answers can be found by taking a closer look at a recent study by mobile app research firm Distimo, which focused on the Asian apps economy, and specifically on why Asian developers have had a difficult time adapting their apps to a western audience. Below are a few lessons for all app developers, marketers and brand leaders looking to expand their app presence.

Start to develop for an international audience, then tailor to local

“Internationalization” in software development is the practice of designing software for the broadest possible audience, supported by multiple languages.

This software can then be tailored through “localization” to add local-specific components without engineering changes. The combination of these two practices is often called “globalization.”

Globalized software is customized so that it can appeal to a local market, but uses computer encoded text that can be used world-wide. Components of software that can be easily manipulated through localization include images and colors, currencies, weights and measures, government assigned numbers, addresses and postal codes.

Starbucks: Time to Test the Coffee App

For coffee lovers, that first cup of Joe is often the highlight of the morning (or day, depending on your level of dependence). Naturally, that makes waiting in line the worst part of your morning. Starbucks is hoping to change that. How? With their new mobile app, of course.

The coffee giant is currently testing out a new mobile app that would give customers the ability to place their order ahead of time, and pick it up without much of a wait. Here’s Android Police with the details:

“The company is hoping to give customers the ability to shop at certain other establishments using its app, and it’s already in talks with multiple potential partners. Starbucks has found success with its mobile efforts thus far, and it’s looking to give its customers even more reason to be hooked.”

If you think this sounds too good to be true, then you’re probably a mobile app tester. Before we offer our own take on some scenarios that might prevent this app from widespread adoption, here’s what the writers at Android Police had to say:

“There are some logistics to take into account. There’s the obvious, such as how customers will feel if they come in and their order isn’t ready. Then there’s the more coffee-specific concern of dealing with someone who has arrived late and their coffee has gone cold.”

What else could go wrong? Here are a few more items to consider:

  • Are payments made instantly through the app? If not, what about all of the orders that are placed but never picked up?
  • How will consumers know what time works best to place an order?
  • How will the staff know when to start making an order?
  • What about ordering when one is in close proximity to other Starbucks locations? Will the location-based functionality be consistent?

Starbucks is well-known for their mobile ingenuity, but they are also fanatical about the customer experience, so we imagine these are questions that are certainly being considered in the testing phase of this project, as well as others:

Yet this may be just the beginning, not merely of broad availability of in-app ordering somewhere in the future, but for the Starbucks app in general. The company is hoping to give customers the ability to shop at certain other establishments using its app, and it’s already in talks with multiple potential partners. Starbucks has found success with its mobile efforts thus far, and it’s looking to give its customers even more reason to be hooked. Though the caffeine may be doing a good enough job of that already.

As testers, do you see any red flags with an app like this? Let us know in the comments section!

It should be interesting to watch how Starbucks will be able to take this mobile app and still deliver stellar customer service.

Your App Has Been Delayed: Airlines Playing Catch-Up in the Apps Economy

Mobile apps are no longer a novelty; they are an essential component for almost all businesses in all industries. Of course, some have arrived at this conclusion years ago, while others have experienced a bit of a delay. Namely, airlines.

While most airlines now offer an enhanced user experience via mobile apps, not everyone has followed suit. NDTV recently covered a story highlighting the app development efforts of several major airlines – and how their take on mobile might radically change the industry. Take a look:

As the quality and accessibility of air travel has improved over the years, so too has been the rise and impact of technology both in-flight as well as on the ground. Today, people can walk in to the airports with the tickets flashing on a cellphone or a tablet and use that to check-in.

Indigo Airlines took its first step by bringing a mobile site live over a year ago, but it launched its first app for Apple’s App Store, Windows Phone and Google Play only this January. Using the app, you can book your ticket, check the status of flights, get the PNR for your journey, and the airline is also giving some exclusive deals for people using the mobile app.

In addition to the standard features (booking, check-in, flight status, etc.) several airlines are currently creating new features, including one that will project the potential wait time for passengers, including the estimated wait time at security:

“Receivers detect Bluetooth signals from electronic devices as passengers enter and exit security lines. This information is used to calculate the average waiting time and then enables the authorities to deploy security staff at the right place or even make announcements about how long it would take passengers to clear checkpoints.”

Of course, with new features and functionalities come new testing challenges. Here are a few that caught our immediate attention:

App Testing in China’s Mobile Market

Like any business entering into a new market for the first time, it is of vital importance for mobile app testers to understand the temperament of that market. As Silicon India recently discussed, the China mobile market represents an intriguing landscape with a high ceiling, but it is not without its own set of challenges and nuances.

The People’s Republic of China has a population estimated at roughly 1.36 billion people. That’s more than 19% of the population of the entire planet. There are also currently about 390 million mobile internet users. That number is only going to grow.

According to the 2012 Q3 results presented by Umeng, a Beijing-based mobile analytics company, Chinese users had purchased 200 million iPhone and Android smartphones. This large userbase represents a land of opportunity for Western developers, but mobile app testers should be prepared for a new, different set of trials.

There are about 20-25 local mobile ad networks, although many of these networks use illegal means to boost app store downloads and increase rankings. Attempting to combat this problem, Apple has begun penalizing mobile app developers for taking such an approach. However, local ad networks still advertise their abilities to deliver mobile app conversion rates as high as 50%, signaling that the problem still remains prevalent.

Is the Login Screen Necessary for Your Mobile App?

The login screen: an area of great debate amongst mobile app developers and testers. Some believe the login creates a more customized experience for users since it saves their personal information. However, others (e.g. consumers) resist the login page and immediately leave an app when it requests personal information. What is to be done? The Nielsen Norman Group recently discussed the debate regarding the creation of a log-in account.

“Login walls require a significant interaction cost: users must remember their credentials (if they have an account) or take the time to create a new account. Therefore, sites should use them only if users will benefit significantly from the presence of these walls.”

What could occur when a new user encounters a login wall? A few things:

  1. Users are confronted with the login page first-hand and immediately bail on the application
  2. Users complete the login process and proceed to navigate through the app
  3. Users remember their login, come back to the app and have an overall good user experience
  4. Users log in once, forget their password the second time and don’t bother using the app again

Though they were mostly referring to website pages – where passwords can be easily saved – the same logic applies to a mobile app, particularly point number one. If a user is required to sign-up before doing anything else, there’s a good chance the app will be abandoned. In many instances, a mobile app will require a sign-in after a major update, or after a certain amount of time passes, so you cannot always count on saved passwords to address this concern.

So should your mobile app require a login? If so, when and where? Let’s take a closer look:
