I wanted to write this blog post to present the only crowdsourcing platform that worked for me in a relevant way.I am reffering to uTest.com
   I have an account at uTest for one year and one week, but only in the last couple of months I was more active on the platform.
   The surprising thing is that you can really earn some cash and by that I mean incomes comparable with the local market. I myself can vouch for Czech Republic and I say that I believe it’s possible for a “uTester” to earn better than a full time tester here.
   I don’t want to focus on the money part, but the truth is that we do give interest more to something that can offer us financial benefits. You can also mix uTest easily with another job or other projects.
  But leaving that aside, I think what you can learn and the experience you can get is amazing. I have learned from others tricks, tools, approaches that I am not sure I could have found otherwise. My favourite areas are security and mobile.
  I have also tried other platforms, but most seem to use too much the “first you have to do free testing for your rating, then maybe we can give you paid projects” approach. In uTest you also have to build your ratings, but you still get something by doing that and it gives you some motivation.
  Now probably most testers, like me in the beginning, just make an account, see that don’t get relevant invites and then give up. uTest, as I see it, works more like a market, where testers and companies are paired by the demand/offer principle. To be successful you need good ratings, local reputation, be active and respond at the ads from the forum and,not the least, you need a public reputation.
  The good ratings are important because it proves that you did well for other clients in the similar environment and on the rules set by uTest. Of course you need projects and you need to do good work on those to get the ratings.
  The local reputation is what you proved on the platform. This includes in a way the ratings too, but not only that. Some project managers might give you projects if they thought you did good in a previous Test Cycle. Some clients might hire you again based on previous work. There are all types of forum activities (like “Bug of the month” contest) that can help you get a prize and a  good project.
  Another thing that you should try is to respond to ads to projects that you think are suitable for yourself.
  Public reputation I think it’s always important. There are special projects (where you can get 60$/bug and you can put 10 bugs easily / day)  where the clients prefer to handpick the testers. Those projects require a sensitive NDA ( the client needs to trust you) , proof of skills (the client cannot hire 100 testers and just let them play with their product; so skill is an important filter); the fact that you have a reputation (even controversial one) means that you have some “peer recognition” or you are “up-to date” or just “good” in a particular area. In general the client can find more about you and then more chances to hire you.
  One critical thing at uTest is to read the rules. The tendency is to be frustrated or not able to understand the rules enough (when you are starting with the platform). You might complain in the wrong place and a client can see the discussion and that is not good and might result in penalties.
  Overall I think uTest is something real.I am very glad uTest exists. Don’t quit your full time jobs! , but give the platform a chance and maybe you might like it. Ask for projects, participate in the initial programs that can give you a startup boost and try to check the ads.  

Introduction

    This is a small set of technical tips that could help in setting up a test environment for iOS and Android devices. It’s not testing per-se. This should be used by testers as starting point, and from there they could use their skills and own creativity.
   Mobile devices are used more and more and creating mobile-friendly apps is almost a must for most software companies.
   From the testing perspective, one area to focus is security. And another area is understanding the data transfer between the external environment and the device. Security has a direct impact of course, but no less important for a tester is “what is going on with the data sent/received”.

Examples of issues

     1. An web app with sensitive data has a mobile platform. Using web is safe, but the data transfer between the device and the platform creates backdoors for hackers
     2. Web platform is working properly, but because of how the data is stored on the mobile device, there are issues

Areas to focus

   1.Monitoring HTTP(s) traffic used by iOS and Android

   2.Stored files, de-compiling the app

   3.Logs

1.HTTP Traffic

     (this is uses some specific examples, but anyone can use variations of it)
     

 Setting up monitoring tool:

(You need a Windows machine for this)
1. Install Fiddler from http://www.fiddler2.com/fiddler2/
2. Open Fiddler
3. Go to Tools->Fiddler Options
4. Select “Connections”
5. Check the option “Act as system proxy on Startup”

6. You need to restart Fiddler to make sure changes are in effect

Setting up an iOS device
I will use an example for iPad2

1. Go to “Settings”
2. Select “Wi-Fi”
3. You need to be connected in the same network as the Windows machine using Fiddler
(only for the simple example presented here; other variation possible, including situations where iPad is using other connections)
4. In “HTTP Proxy”:
  (Use the “Manual Option”)
  – set Server: The IP of the Windows machine
  – Port: The port that is used by Fiddler (default 8888)
  – (any authentication you might have set)

5. Now you can try to open an URL in your iPad browser and see on the Windows machine if Fiddler sees the traffic

Note: Although you don’t need anything installed on the device than the default factory software, would help to have something to debug possible problems.

Setting up an Android device
Ok here there is no need to have an actual device and because for testing you might need various simulations anyway, an emulator could be used.

I recommend using eclipse-SDK-3.7.2-win32 and Android SDK http://developer.android.com/sdk/index.html

(I won’t get into details on how to setup that, but here it’s a starting point http://developer.android.com/sdk/installing.html)

1. You need to setup a Run Configuration to start the android the device
 

2. When you have a setup like above start the android emulator
Important Note!: It will take very long to load (around 3 min usually), but once there it will work more smoothly

3. Bring the Apps Screen

4. Go to “Settings”

5.Click on “More”

6. Select “Mobile Networks”

7.Go to “Access Point Names”

8. Edit Access Point

- Proxy : Fiddler’s proxy IP address
- Port : Fiddler’s proxy IP port (8888)
- Username : <Not set> (clear it if anything is already there)
- Password : <Not set> (clear it if anything is already there)

9. Press Menu then Press Save (although it seems to be saving automatically )
10. Exit settings and try to browse a website and see if Fiddler displays the traffic

2.Local files

iOS
For iOS you need to get to the *.ipa installation file (or the installed files itself , but that is not very nice ) and unzip it like a normal archive. Then look for *.db files or files that look that are sqlite, which you can open with sqlitebrowser http://sqlitebrowser.sourceforge.net/ 

Android
Would be nice to get the .apk file here then use the APKTool to try reverse engineering the app.

Cross platform
When an application is developed in many platforms, usually it shares common vulnerabilities. For example if there is a Windows and  an iOS version, it might happen that the Windows installation contains the (usually needed for  iOS version) sqlite files that can be directly opened with sqlitebrowser (it might be hidden or have a different unrecognizable extension though)

3.Logs

iOS
To monitor what is going on the iOS device from Windows, connect the device via cable and use “iphone configuration utility for windows” http://support.apple.com/kb/DL1466

Android
For Android LogCat is a nice solution
You can also connect remotely to an android device using “adb”