Back in July, we took a look at Testdroid, a service that allows developers to test their application or game on over 250 different actual devices. This isn't an emulation service – every single test is performed on real Android-powered devices, which in turn exposes real problems. Some of the biggest names in the book are using Testdroid these days – Facebook, Swiftkey, Rovio, Pinterest, Paypal, and many others – so it's only natural that the company step up its game to keep customers happy.
Introducing security and vulnerability testing, now part of Testdroid Cloud. With these new tests, developers are able to find security holes and vulnerabilities within their apps quickly and easily. Here's how it works.
Modern applications "consist largely of third-party code/libraries" amidst the proprietary code. This makes developers' jobs easier, as it essentially "automates" (for lack of a better word) the non-core functions of the application. But here's the kicker: said libraries and third-party code can contain known vulnerabilities. This, of course, affects the security of the app or game. And no one wants an insecure app.
That's where Testdroid Cloud comes into play. Testdroid now integrates with Codenomicon's security test suite (called APPCHECK), which scans the app and lists all known vulnerabilities found within the code and libraries. The user doesn't even need to provide the source code – simply upload the apk and away it goes. The app is then scanned, where both third-party code and libraries (proprietary and open source) are exposed and known issues are revealed. The entire process only takes about a minute.
But it doesn't just stop with the initial scan. The Codenomicon scan will not only identify all software packages and libraries along with any associated vulnerabilities, but it will continue to monitor the application fingerprint and send out notification alerts when new vulnerabilities are found. That's good looking out.
So, who can benefit from Testdroid's security and vulnerability testing? It's not just for those looking to make a profit off their app – financial institutions, banks, payment vendors, service providers, and video/other media streaming services can all benefit from application testing, as they're reading and transmitting some incredibly sensitive data (especially anything finance-related).
To show how this new feature works (and how simple it is to use) Testdroid is offering a way for users to check it out free of charge. Here's what you need to do:
- Create an account in Testdroid Cloud.
- Activate your account by verifying the activation link sent to your email.
- Log in and create a new Android project.
- For test type, select "App Crawler" and click Create New Test Run.
- Upload your APK. After this is done, check "Execute security tests."
- Click Start new test run.
Testdroid will then not only scan the app for vulnerabilities, but also test it on 15 different Android devices, giving you a taste of what the service is all about. Once you've gotten a feel for what it can do, Testdroid Enterprise is only a few click away.