As we know, in the last years Mac OS operating system becomes more and more popular in the software market.
Primarily, it is caused by the successful and efficient actions of Apple developers.
Permanently releasing a big variety of Mac OS-based computers, this brand gains maximum client’s trust and loyalty.
Such dynamics automatically leads to a permanent rise of a number of official vendors of software, who create cross-platform applications for clients to completely cover a consumer market. Additionally, there is a whole list of utilities and applications created only for Mac OS: usually, it’s special tools for developing a particular software and for professional cooperation with multimedia content.
Testing the functionality of Mac OS applications has its peculiarities which must be taken into account only on the base of detailed knowledge on the internal architecture of such system.
Now we will talk about peculiarities of testing the utilities in Mac OS which usually happens if you, for example, don’t have a jailbroken device and you need to immediately understand how the exploit functions. We will also try to deduct basic possibilities and limits which happen during the process of testing web products in Mac OS and will highlight the most popular tools for testing.
By the way, we will perform all tests with installed Xcode and run utilities in the iOS simulator.
Work with iTunes Utilities
Unfortunately, Xcode doesn’t allow to set up IPA files from iTunes, as all applications of this platform are copied according to special ARM architecture and only utilities which were compiled only for x86/x64 system architecture work in a simulator. So we can say that you should run final tests, in order to check the correctness of testing an application on MacOS.
By the way, you must use a special software for such work. In our case, it’s the Dam Vulnerable iOS app.
Analysis of a Local Database
In the process of auditing, we primarily test security in a local database of applications. You just need to move to the next folders which are automatically created in Xcode and check whether confidential information is stored in these directories.
Work with System Logs
You can freely view logs which can contain personal information, developed by utilities, in the particular part of the Xcode application.
But sometimes developers check whether such an application is run on a device or its simulator and put data in a log only during testing it on a simulator. If this testing is not performed, we can be completely sure that this application has a noticeable vulnerability.
Work with Debugger
While testing the utilities, you can always configure a debugger with a program which runs on your simulator.
According to our experience, using LLDB is the most efficient, as such a system has numerous programs for working in Xcode.
Tested iOS application, which runs in a simulator, will be automatically displayed in the list of tasks which you can find during running ps aux command.
In the process of connecting a debugger use name (login) or id of a chosen process as main characters.
Speaking about the process of tracing the methods, it can be performed with the help of LLDB debugger which is automatically built in Xcode application. To finish the process, just click the sign «+», which appears on the screen.
Now our task is to set up a completion point for quick access to the tobjc msgSend command.
Manually add new function Debugger Command with a function and mark the field «Automatically continue after evaluating actions».
Now we can do absolutely all tracing, to access the method objc_msgSend, mentioned above.
Usage of Cycript
Such utility will help us to quickly analyze the weak points of your application and possibly indicate what actions must be performed to get rid of them. On MacOS operation system the same as on other devices and systems.
Network Traffic Tracking Operations
To analyze current HTTPS traffic, you need to install SSL-certificate in a used simulator (it is made by moving the files in a simulator’s window and then pressing Install button).
Testing Mac OS Applications on iTunes connect Platform
As we know, checking your created utility for reviewing takes about 1 week but if you are “lucky” and you uploaded it before weekend or holidays, it will be approved in about 2-3 weeks.
In the next paragraphs, we will learn how to speed up and test checking of Mac OS applications in AppStore application which are functioning today. By the way, both methods are 100% efficient and free!
1. Expedition App Review
We must say that it’s 100% legal way to run a quick type of checking (testing) of Apple utility.
All we need is to fill in contact details and describe a reason why you’d like to check it quickly.
Usually, QAs use the following words – Critical fix bug and in description states that they found quite sever bug which can seriously influence the future work of application.
If your company tests new utility, not update of old one, it’s better to mention that a marketing company of utility has started and you have a deadline for a final release.
Usually, in 2 hours you will get a message with a detailed decision on the application.
Usually, the tested application goes through In Review stage and, if there no problems, it automatically gets a Ready for sale status.
Also, we’d like to admit that in such «quick» testing of the application, Apple service additionally also uses internal components for a future release (inApp Purchases).
Remember! A big drawback of such variant of testing is that it can be used very often. Apple company highly recommends to use it only in such cases when you, as developers, need quick and smartly approved checking of utility.
The idea of this checking is that QAs need to get many applications with «Waiting for review status» in a personal account (according to investigations – from 7 to 10 applications at the same time).
But how to perform testing if you have only 1 application but it’s the most important and fundamental? Easily.
• Develop and upload a utility to a platform;
• Develop «fake» utilities and random ID, add stubs for icons and screenshots, create distribution certificates for them and mount them in the same way as for a typical application;
• Change a status of utility on “waiting for download/upload”;
• Create an empty app and edit it bundle id on your developed “fake” application and upload it.
In result, we will have several utilities with “Waiting for review” status.
Such tricks and checking helped us to decrease the time of approval of application status performed by Apple from 1 week to 1-3 days.
Right after all utilities have got In Review status, we must go to iTunesConnect and make a Reject binary command for all fake applications.
So a fake one will change a status from In review to Developer rejected and won’t be checked. And tested utility will be moderated almost the same day.
Automated Checking of Created Tests in Mac OS
In order to choose the most suitable tool for application testing, you must thoroughly understand its internal way of functioning.
There are 2 variants of working on such a strategy:
• Working with a test in a logic of turning to a screen without the analysis of such screen and available parameters and objects of the interface. Usually, such software testing services are performed with the help of a gesture system. A huge advantage is that you don’t need to modify a utility. Drawback lies in permanent dependence of application on a size of a screen, design of a program and system orientation of a device;
• Performing testing with the help of a set of interface objects of the application. Forms marks, buttons, text fields and other “layouts” must be mentioned before testing. The advantage lies is that even serious changes in design won’t influence the running of a test case. The drawback is that you need to permanently connect additional libraries.
What Tools Can Be Used for Testing?
By the way, QA must not compile other libraries. After the release of the 4.3 version of Xcode, there is a possibility to record test cases with the help of record command.
Robot Framework is a special open-source framework for performing automated acceptance testing and creating a base of acceptance tests which have huge technical functionality. It supports numerous additional libraries.
MoneyTalk is a popular tool for testing Mac OS applications. It has a strong script language, gives a possibility to create and save your own test cases and test suites. According to developers, it perfectly interferes with Eclipse and has the built-in recorder. You need to put your own libraries in utility.