Skip to content
Behavior Driven Mobile Testing
Api Testing·

Behavior Driven Mobile Testing

Yanir Taflev
by Yanir Taflev
Behavior Driven Mobile Testing

When it comes to testing mobile applications it becomes harder to build and execute with traditional tools that focus on UI. There are a lot of moving parts, usually, it requires coding, involves a lot of maintenance, and often suffers from instability, but it doesn’t have to be like that.

In this article, I will show you how to capture the behavior of your mobile application and turn it into end-to-end API-driven flows in a fun way and with a fraction of the effort compared to other methods out there.

Mobile testing is hard

  • Slow - Mobile testing tools don’t excel in speed, simulating user interaction usually comes with overhead. That’s also due to the fact that mobile applications aren’t built around testing and have near-human latency.

  • Flaky - Behavior and UI often change and break tests that rely on specific elements or flows that were changed.

  • Expensive - Traditional mobile testing will occupy expensive devices for a long time and will require more resources to maintain and analyze them.

  • Hard to maintain - It is difficult to get to the root cause of mobile tests failures, they’re hard to debug and contain multiple moving parts. On top of that mobile tests will be usually built with code that adds complexity and requires expertise. 

  • Higher entry barrier - Most of the tools out there will require coding, deploying new frameworks, and getting to know and use them, which will add to the learning curve.

  • Impossible with rich graphic applications - Dynamic applications with progressive animations or continuous state (ie. Games, Navigation, Imaging, etc.) are almost impossible to automate due to their chaotic nature, as a result, if it was possible it would still break the simple philosophy of test automation.

Introducing Mobile integration testing 

Testing the behavior of applications without falling into the noted pitfalls can be easily achieved with end-to-end API testing. APIs by nature are fast, stable, reliable, seldom break and now easy to build, maintain and don't require coding. In the next section we will see exactly how to build our first test out of any mobile application.

Generating tests from user behavior on any/your mobile app- high level

Setup diagram

This is how our setup will look like on a high level

Mobile post pic_18

General steps

The following steps will be required to accomplish your first test:

  1. *Setup an android application on android emulator device on your machine (Mac)

  2. *Setup proxy engine (Proxyman)

  3. Capture user behavior

  4. Generating automated tests with Loadmill

* Required only for the initial setup
Next is the detailed step-by-step tutorial on how to set it all and make your first test.
  1. Setup android application using the Andorid emulator

    1. Download Android Studio 

      1. Note, Make sure you install the right version for your chipset. 

      2. Note, There’s no need to create a project through the initial screen. 

    2. Create a new android device

      1. Open the device manager (AVD) - In android studio, select More-actions -> ‘Virtual Device Manager

        Mobile post_pic1

      2. Click on “Create Device” and select one without the “Play store” logo, then select next.

        Mobile blog post_pic2

      3. Select api level 32 and click next. (not all API versions were tested with this method, departing from the recommended version will reduce the chances of your success) Note that arm64 ABI images are optimized for mac silicone, I highly recommend selecting such an image in case you have apple silicon.

        Mobile post_pic3

      4. Click on “Show advanced settings” and ensure setting enough Internal storage. Click on finish.

        Mobile post_pic4

      5. Start the newly added device from the device manager (this is the only time we will start it from the device manager, next times we will use a cli command)

        Mobile post_pic5

    3. Install android application

      1. Get an apk file of your android application, alternatively you can try downloading any app from APKMirror - For this tutorial we’ll use Papa John's app that can be downloaded from here

      2. Install it by dragging the downloaded APK into the running device emulator screen.

      3. Depending on the application you might need to perform initial login and some other first time steps.

      4. After that you can close the device for now.

  2. Setting proxy (Proxyman)

    1. Note that For this tutorial we’ve chosen to use Proxyman but others can be used as well using the same principles.

    2. Environment setup

      1. Make sure you have OpenSSL installed on your mac by running the following command  “openssl version”

      2. Make sure you have access to the Android Debug Bridge from your terminal (in your path)

        1. Check this by typing “adb version”

        2. If it is not in your path, link it by running  “sudo ln -s ~/Library/Android/sdk/platform-tools/adb /usr/local/bin”

        3. Link

      3. Make sure that you can access the emulator cli from your terminal

        1. Check this by running “emulator version”

        2. If it is not in your path, link it by running “sudo ln -s ~/Library/Android/sdk/emulator/emulator /usr/local/bin”

    3. Installing Proxyman

      1. Download Proxyman & install it

      2. Set Proxyman to use only the external proxy

        Mobile test pic_6

    4. Preparing the certificate

      1. Proxyman creates a custom SSL certificate to be able to decrypt the app requests

      2. Open this link http://proxy.man/ssl and download the certificate

      3. In the folder you downloaded the certificate to, run the following command to rename the file to the format expected by Android OS - hashed_name=`openssl x509 -inform PEM -subject_hash_old -in proxyman-ca.pem | head -1` && cp proxyman-ca.pem $hashed_name.0

    5. Deploying the certificate into the device

      1. Execute the following commands in terminal/cmd:

      2. List your AVDs: emulator -list-avds (previously device should be listed)

      3. Start the desired AVD: emulator -avd <avd_name_here> -writable-system (after executing this step, an android device should come up on you screen)

      4. restart adb as root: adb root (open a new terminal tab)

      5. disable secure boot verification: adb shell avbctl disable-verification

      6. reboot device: adb reboot

      7. restart adb as root: adb root (don’t run that command until the emulator is rebooted)

      8. perform remount of partitions as read-write: adb remount (If adb asking to reboot, reboot again by running adb reboot then again adb root and adb remount)

      9. push your renamed certificate from step C: adb push <path_to_certificate> /system/etc/security/cacerts

      10. set certificate permissions: adb shell chmod 664 /system/etc/security/cacerts/<name_of_pushed_certificate>

      11. reboot device: adb reboot

    6. Validating the certificate on the device

      1. In your on-screen android device -

      2. Navigate to settings -> Security -> Encryption & Credentials -> Trusted Credentials

      3. If all went well you will be able to find (with a little scrolling) “Proxyman LLC” certificate under the “System” tab.

        Trusted

    7. Configuring Proxyman as the proxy on your device

      1. In Proxyman navigate to “Certificate -> Install Certificate on Android -> Physical Devices …” (don’t let the notion of “Physical Devices” confuse you, we won’t follow this guide, just take a few necessary details)

        Mobile post pic_8

      2. In the “Android setup guide” copy the ip and the port for the next steps.

        Mobile post pic_9

      3. In your device, navigate to your current wifi settings

        Internet1

        Internet

      4. Disconnect and click on the edit button

        Network

      5. Change the proxy type to ‘Manual’ and insert the ip and the port accordingly. Click save and reconnect back to the wifi.

        Android wifi

  3. Capturing user behavior

    1. Starting the device

      1. If your device isn’t running, make sure to start if with the following command: emulator -avd <avd_name_here> -writable-system  Important: In order to be able to capture the traffic your device generates, you must start your device from the terminal/cmd with this command each time.

    2. Inserting url(s) into SSL Proxying list Tell ProxyMan what traffic to decrypt by going to “Tools” -> “SSL Proxying List” and add new entry to the include list according to the traffic you’re interested to capture from your application, in my case *.papjohns.com should do the work.

      Mobile post pic_14

    3. Starting capturing traffic

      1. In ProxyMan make sure you see the ‘pause’ sign in the top left corner, (it means it is turned on).

      2. In your emulator device, open the app, on the first request proxyman should start displaying traffic and you will notice to a new entry under “Remote devices”

        Mobile post pic_15

      3. Once ‘driving’ the application you should see requests being captured, note to the SSL unlocked sign, it means your requests are being decrypted by ProxyMan. It is also useful (and fun) to click on requests and see the body in a human readable form

        Mobile post pic_16

    4. Exporting traffic data

      1. Now let’s export the entire set as har file for the next steps, you can either select multiple requests in the list or just right click on the domain and select Export-> as HAR (HTTP Archive)

        Mobile post pic_16

      2. Save the file on your disk and follow the next section that explains how to generate tests out of it.

  4. Generating automated tests with Loadmill

    1. Go to Loadmill In case you don’t have a Loadmill account yet, talk to us asap or proceed with creating a free account here.

    2. Import the ‘har’ file

      1. In loadmill test designer (The pen menu-item) navigate to your suite and click on ‘import flow’ (1), select your file and wait up until the import is completed.

        Mobile post pic_17

        Loadmill just created a new API flow from your traffic, note to the parameterization and chaining of all the parameters, it was done automatically with zero effort.

    3. Run your flow Now you can attempt running your new flow (2) from loadmill

    4. Enhancements and advanced topics To get the most out of your tests, to insert global login flow, integrate with your CI system and learn how to make your tests more robust, head to loadmill documentation.

      Talk to us