Testing web applications on mobile devices

Are you regularly testing your web applications?

Tom Lofts - 16 January 2019

So, you have a web application - when it was first developed, you might have played around with the apps functionality to check it worked (generally known as user acceptance testing) , but you haven’t thought too much about it since then.

Common types of application testing

There are a number of other types of testing you may want performed on your application but weren’t aware of. Applications often need to be tested on a case-by-case basis depending on their functionality and requirements of their users, but two types of testing are important for every web and mobile application: Compatibility testing, to ensure the app runs the way it was intended, and security testing to ensure there are no issues which could compromise data or resources used by the app.

Compatibility testing

Both web and mobile applications run on a number of different browsers, devices and operating systems/platforms.

For mobile apps, this will usually be Apple’s iOS or Google’s Android platforms, though occasionally other less well-known platforms such as Windows mobile. Many apps will need to support both iOS and Android, both of which have their own platform specific functionality and development practices.

Both iOS and Android receive regular updates from Apple and Google respectively: Both Android 9 and iOS 12 were released to the public last summer and there have been a number of smaller updates since. Updates generally include new features, but every so often an update will remove old functionality or change a feature in such a way e.g. when iOS 11 was released, support for 32-bit apps was dropped which required developers to upgrade their apps to allow them to appear on the app store and run on future iOS devices.

For web apps, users might be using Chrome, Firefox, Safari or Internet Explorer/Edge, all of which display web applications slightly differently and sometimes require slightly different techniques to be used to achieve certain functionality. Browsers also update versions frequently, with new versions often coming out every few weeks or months.

Finally, there’s device compatibility testing. While there are such a large number of different laptops and mobile phones that it’s impossible to test every device, there are some common aspects, such as checking devices with a Retina display or an oddly shaped screen such as the iPhone X’s ‘notch’

All these considerations need to be taken into account both when developing apps, and keeping them up to date throughout their lifetime.

Security testing

As you may have seen in the news, online security continues to be a hot topic with many large firms disclosing they’ve been hacked due to inadequate security practices.

While following best practices with regards to secure development when creating a web or mobile application will help, we would suggest all applications are tested using a comprehensive web application security testing framework to ensure the application does not contain the most serious or common vulnerabilities. We use the OWASP Application Security Verification Standard and OWASP Top 10 Most Critical Web Application Security Risks industry standards to test our client’s applications as part of our Application Security Testing Service .

As with compatibility testing, security testing not only covers the application itself, but also any other components the application depends on. Instead of browsers and devices, this covers things like the programming language or framework the application is developed in, the server it runs on and other components it uses like a database or search service.

Critical vulneraries in widely used software can have devastating effects if not resolved quickly e.g. in April 2018 a vulnerability was discovered in Drupal, a popular web content management system which affected hundreds of thousands of sites and if not patched within a few days it was very likely a site using Drupal would be compromised, even if the rest of the site itself was secure.

While it’s impossible to be 100% certain you web application is secure, regular testing of both the application and its underlying components will ensure that your application has been checked and tested against all critical and common vulnerabilities.

When should you be testing?

Now you’re aware of the common types of testing, when should you be looking to have your application tested?

After initial development – Most development companies will perform compatibility testing against common platforms, devices and browsers, but if you’re aware of any unusual requirements (e.g. a large proportion of users on old devices or browsers), you may need to inform your development company so they can take this into account. Fewer companies will provide security testing as part of application development, so depending on the nature of your application, you may want to have it tested for security vulnerabilities before it is released to users by a company offering web application security testing.

After new development – Your application may have been secure and compatible when it was developed, but is that still the case after large changes have been made? New features in your application may work differently or use different components, both of which can introduce security vulnerabilities or incompatibilities which weren’t present in the original application.

After new platforms are released – Typically iOS, Android and web browsers are released early to developers to allow them to test web and mobile applications before they are made available to the public. This allows developers to ensure their apps work in the latest versions of these platforms and any compatibility issues which do arise can be identified and resolved before they’re discovered by users. OWA offer an App Testing Service which covers this type of compatibility testing and ensures the applications we test are compatible with the latest versions of iOS and Android and any issues can be resolved as early as possible.

On a regular schedule – While platform vendors release updates on predefined schedules, this isn’t always the case with security vulnerabilities. Major vendors normally release updates to resolve security issues on a regular schedule, but every so often a critical vulnerability or new type of attack is announced so the more regularly an application is tested, the more secure it can be made.

There’s no right answer to how frequently you should be testing as it will be dependent on the age and complexity of your application, the technologies it uses, platforms it supports and the sensitivity of the data stored within it.

If you’d like to discuss testing your application please get in touch to discuss this in more detail with one of our team.

Other types of web application testing

We’ve covered the two most important types of application testing – but there’s more:

Stress testing – your application may be running fine now, but how would it cope with 10 times the users, or 100 times the users, or 100 times the users at the same time? Stress testing simulates expected load of your application to ensure it will cope with your expectations in future.

Performance testing – studies show slowly loading websites and apps lose users, so an app which loads quickly and performs well is a must. Performance testing looks at how responsive various tasks are in your app and what can be done to improve this.

Accessibility testing – A significant proportion of the population has some form of disability or condition which affects how they interact with applications. This may relate to sight such, as being colour blind, or touch, such has difficulty clicking small buttons. There are a number of accessibility guidelines which can be used to check that sites are accessible to the widest possible audience.

We do perform all these types of testing when developing applications but if you’ve had an app developed elsewhere and you’re concerned about any of these points or you’d like to discuss them in more detail please get in touch.