
Rooting Your Devices to Test Outside the Box


The mobile landscape has changed how companies think of information technology. However, many organizations have failed to make the most of the mobile testing tools available. Alan Crouch explores how rooting your devices can help you break past your mobile testing block and allow you to test in more exciting, creative, and different ways. Rooting, or jail-breaking as it is called in the iOS world, is the process of allowing users of smartphones, tablets, and other devices to attain privileged control—or root access—over various subsystems. Rooting is often performed with the goal of overcoming limitations that carriers and hardware manufacturers put on some devices. And it should be a critical part of your testing strategy. How do you simulate interrupts and system faults? Access back end practices? Quickly modify your location without moving an inch? Create application test data directly on a mobile device? Alan shares how you can use rooting to answer these daunting questions and broaden your testing techniques to increase mobile application quality. He discusses the secrets of breaking through red tape to build a culture of experimentation—without fear of the unknown. Join Alan to discover how to leverage rooting and your mobile technology experiences to improve software and accelerate your career.

Published in: Software

Rooting Your Devices to Test Outside the Box

  1. K4 Keynote, 4/28/17 3:15 PM. Rooting Your Devices to Test Outside the Box. Presented by: Alan Crouch, Coveros, Inc. Brought to you by: 350 Corporate Way, Suite 400, Orange Park, FL 32073 · 888-268-8770 · 904-278-0524 · info@techwell.com · https://www.techwell.com/
  2. Alan Crouch, Coveros, Inc. Alan Crouch is a director of mobile testing with Coveros, Inc., which helps companies build better applications using agile, DevOps, and security best practices. Alan works with C-level and senior management at private companies and federal agencies to transform and adopt a more "mobile-first" approach to information technology. Alan has worked with Departments of Homeland Security, Defense, and Health and Human Services; Symantec; and mobile start-ups to build and test Android, iOS, and responsive web applications. His passion is the intersection of mobile testing and information security. Spare time finds Alan traveling the globe and creating adventures for his son and daughter. Follow Alan on Twitter @RealAlanCrouch or on LinkedIn.
  3. 4/6/17 © COPYRIGHT 2016 COVEROS, INC. ALL RIGHTS RESERVED.
     Agility. Security. Delivered. Rooting Your Devices to Test Outside the Box. Alan R. Crouch, @RealAlanCrouch. Mobile Dev + Test 2017, San Diego, CA.
     Agenda
     • What’s Happening in the World of Mobile?
     • What’s “Everyone” Else Doing (When It Comes to Mobile Testing)?
     • Why Root When You Test?
     • Leveraging Rooting to Test Outside the Box
  4. What’s Happening in Mobile? More Devices, More (User) Control
     What’s Happening in Mobile? More Operating Systems, More Versions!
  5. What’s Happening in Mobile? More Operating Systems, More Versions!
     What’s Happening in Mobile? More Apps, More Data, More Complexity!
  6. What’s Happening in Mobile? More Apps, More Data, More Complexity!
     What’s Happening in Mobile? More Growth, More Market Saturation! Chart: Mobile Growth Plans by Organization for 2016. Source: Red Hat Mobile Maturity Survey 2015
  7. What’s Happening in Mobile? More Power, More Capabilities!
     What’s “Everyone” Doing?
     • Bad habits from traditional application testing community have penetrated the mobile app testing community
     • Poor Hiring and Training Practices
     • Mobile test automation is no longer optional
  8. What’s “Everyone” Doing?
     • Status of Rooting in Mobile Testing:
       A) Bears – Curious Testers/Mother-Bears
       B) Ostriches – Testers Overcome by Fear or “Policy”
       C) Grumpy Cats – “I know better” Testers
     Because I’m Morally Obligated
     • Rooting does come with risks
       • Voided Warranty
       • Possibility of becoming “bricked”
     • Is rooting illegal?
       • No
  9. Why Root?
     • More similarly test real-world user scenarios.
     • Testing on a modified device can expose additional testing interfaces
     • Advantages of Rooting:
       • Alter or replace system applications
       • Run specialized apps
       • Full customization
       • Access normally inaccessible data
       • Test Data Seeding
       • File Recovery
       • Enable / disable features
       • Modify/customize kernels
       • Mobile Security Testing
     Why Root?
     Chart: Number of Android Devices Rooted (World-Wide); values 28% and 72%; legend: Rooted, Not-Rooted. Source: Tencent Study on Rooted Devices, 2015
     • Just how many devices are rooted? How big is it?
     • Proliferation is higher amongst tech-savvy.
  10. Why Root? It’s just plain fun. Source: Tencent Study on Rooted Devices, 2015
     Root to Test Outside the Box: Root Access for Users and Apps
     • SuperUser grants and manages apps’ ability to get root access.
     • A rooted Android device won’t be as useful if apps don’t have root access. To fix this problem, make sure you install SuperUser soon after rooting your device. This will automatically force apps to ask permission to establish root privileges.
  11. Root to Test Outside the Box: Location/GPS Spoofing
     • Apps like FakeGPS or Lockito allow you to not only change your GPS location but also build in itineraries.
     • By adding a rooted app like “Lucky Patcher” or Xposed you can make FakeGPS a System App and override GPS Spoofing Detection
     Root to Test Outside the Box: Automated Tasking
     • Apps like Tasker allow you to set up automated tasks.
     • By rooting your phone, Tasker can now perform tasks with root access, allowing it to do anything from:
       • Nightly resets to a “clean state”
       • Seeding test application data
       • Nightly backups of system and app data
       • Automated log access Archive
  12. Root to Test Outside the Box: Network Traffic Analysis
     • Apps like Shark for Root allow you to record network traffic and analyze just what data is being transferred in clear text.
     • Determine what sensitive data might be exposed from your app including:
       • Passwords
       • Keys
       • Personal Data
       • Sensitive “App” Information
     Root to Test Outside the Box: Record and Playback of Touch Events
     • Root apps that allow record and playback of touch events, such as RepetiTouch, can be a poor man’s automation tool
     • Record and playback touch events with loops or built in response to outside stimuli (how to handle a phone call) to test “farming” or common actions in your mobile app
  13. Root to Test Outside the Box: Modifying Local Data Storage
     • There are many rooted apps that look at local data storage and shared preferences to allow you to test your apps.
     • Determine what your app has stored where and what you might be able to hack.
       • Change your states (level, permissions etc.)
       • Explore privacy violations on disk
       • Recover passwords
       • Give yourself lots of “free” gold or in-game currency
     Root to Test Outside the Box: Deleted File Recovery
     • Non-rooted apps may allow you to recover deleted files, but other file types are elusive to recover
     • Recovery tools like Undeleter allow you to recover a variety of file types from all your partitions
       • Temp Data
       • Cached Data
       • Logs
       • Text Messages
  14. Root to Test Outside the Box: Security Testing
     • Native App Testing
       • Cert Validation testing with the “Xposed Framework” and “JustTrustMe”
       • Root-Detection Control testing
       • Xposed Detection controls
       • Fuzzing
       • API Vulnerability Testing
     • Mobile Web App & Network
       • Wifi Crackers
       • Penetration Testing Mobile Web Apps
       • Automated Injection Attacks
     Bugtroid, dSploit, DroidSQLi
     Conclusion
     • You can get away with mobile testing without rooting.
       • You can catch bugs and build/test good products
     • Rooting can help you elevate your testing capabilities:
       • TEST FASTER
       • TEST MORE
       • TEST DIFFERENTLY
       • HAVE FUN
  15. Thank You. Alan R. Crouch, @RealAlanCrouch
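
The "Modifying Local Data Storage" slide suggests checking what your app keeps in shared preferences. As an added example (not part of the original deck), this Python script audits a shared-preferences XML file pulled from your own test build and lists entries that deserve a test case; the sample file, its key names and the regex heuristics are constructed assumptions.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample of an Android shared_prefs file (not from a real app).
SAMPLE_PREFS = b"""<?xml version='1.0' encoding='utf-8' standalone='yes' ?>
<map>
    <string name="username">tester01</string>
    <string name="password">hunter2-example</string>
    <string name="api_session_token">EXAMPLE-TOKEN-0000</string>
    <boolean name="is_admin" value="false" />
    <int name="gold_balance" value="120" />
    <long name="last_sync" value="1491436800000" />
</map>
"""

# Hypothetical naming heuristics; tune them to your own app's key names.
SECRET_KEYS = re.compile(r"pass(word|wd)?|token|secret|api_?key", re.I)
STATE_KEYS = re.compile(r"admin|premium|role|level|balance|gold|coins", re.I)


def audit_prefs(xml_bytes):
    """Return (key, type, finding) tuples for entries worth a test case."""
    findings = []
    for entry in ET.fromstring(xml_bytes):
        key = entry.get("name", "")
        if SECRET_KEYS.search(key) and entry.tag == "string" and entry.text:
            # Credentials readable on disk by anyone with root on the device.
            findings.append((key, entry.tag, "secret stored in clear text"))
        elif STATE_KEYS.search(key):
            # Values a rooted user can edit; the server must not trust them.
            findings.append((key, entry.tag, "client-side state; verify server-side"))
    return findings


if __name__ == "__main__":
    for key, kind, finding in audit_prefs(SAMPLE_PREFS):
        print(f"{key:20} <{kind}>  {finding}")
```

Each finding maps to a fix on the app side: move secrets into the platform keystore, and re-check privilege or balance values on the server instead of trusting the device copy.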
