Introduction

    This is a small set of technical tips that could help in setting up a test environment for iOS and Android devices. It’s not testing per-se. This should be used by testers as starting point, and from there they could use their skills and own creativity.
   Mobile devices are used more and more and creating mobile-friendly apps is almost a must for most software companies.
   From the testing perspective, one area to focus is security. And another area is understanding the data transfer between the external environment and the device. Security has a direct impact of course, but no less important for a tester is “what is going on with the data sent/received”.

Examples of issues

     1. An web app with sensitive data has a mobile platform. Using web is safe, but the data transfer between the device and the platform creates backdoors for hackers
     2. Web platform is working properly, but because of how the data is stored on the mobile device, there are issues

Areas to focus

   1.Monitoring HTTP(s) traffic used by iOS and Android

   2.Stored files, de-compiling the app

   3.Logs

1.HTTP Traffic

     (this is uses some specific examples, but anyone can use variations of it)
     

 Setting up monitoring tool:

(You need a Windows machine for this)
1. Install Fiddler from http://www.fiddler2.com/fiddler2/
2. Open Fiddler
3. Go to Tools->Fiddler Options
4. Select “Connections”
5. Check the option “Act as system proxy on Startup”

6. You need to restart Fiddler to make sure changes are in effect

Setting up an iOS device
I will use an example for iPad2

1. Go to “Settings”
2. Select “Wi-Fi”
3. You need to be connected in the same network as the Windows machine using Fiddler
(only for the simple example presented here; other variation possible, including situations where iPad is using other connections)
4. In “HTTP Proxy”:
  (Use the “Manual Option”)
  – set Server: The IP of the Windows machine
  – Port: The port that is used by Fiddler (default 8888)
  – (any authentication you might have set)

5. Now you can try to open an URL in your iPad browser and see on the Windows machine if Fiddler sees the traffic

Note: Although you don’t need anything installed on the device than the default factory software, would help to have something to debug possible problems.

Setting up an Android device
Ok here there is no need to have an actual device and because for testing you might need various simulations anyway, an emulator could be used.

I recommend using eclipse-SDK-3.7.2-win32 and Android SDK http://developer.android.com/sdk/index.html

(I won’t get into details on how to setup that, but here it’s a starting point http://developer.android.com/sdk/installing.html)

1. You need to setup a Run Configuration to start the android the device
 

2. When you have a setup like above start the android emulator
Important Note!: It will take very long to load (around 3 min usually), but once there it will work more smoothly

3. Bring the Apps Screen

4. Go to “Settings”

5.Click on “More”

6. Select “Mobile Networks”

7.Go to “Access Point Names”

8. Edit Access Point

- Proxy : Fiddler’s proxy IP address
- Port : Fiddler’s proxy IP port (8888)
- Username : <Not set> (clear it if anything is already there)
- Password : <Not set> (clear it if anything is already there)

9. Press Menu then Press Save (although it seems to be saving automatically )
10. Exit settings and try to browse a website and see if Fiddler displays the traffic

2.Local files

iOS
For iOS you need to get to the *.ipa installation file (or the installed files itself , but that is not very nice ) and unzip it like a normal archive. Then look for *.db files or files that look that are sqlite, which you can open with sqlitebrowser http://sqlitebrowser.sourceforge.net/ 

Android
Would be nice to get the .apk file here then use the APKTool to try reverse engineering the app.

Cross platform
When an application is developed in many platforms, usually it shares common vulnerabilities. For example if there is a Windows and  an iOS version, it might happen that the Windows installation contains the (usually needed for  iOS version) sqlite files that can be directly opened with sqlitebrowser (it might be hidden or have a different unrecognizable extension though)

3.Logs

iOS
To monitor what is going on the iOS device from Windows, connect the device via cable and use “iphone configuration utility for windows” http://support.apple.com/kb/DL1466