Testdroid for security testing - testdroid

As part of finalizing a security testing tool for our android app, I was validating various tools and stumbled upon this blog. Under How to access this service? Section, step 5 says: Upload your APK and check “Execute security tests”. But I couldn’t find this checkbox. Is it that this will only be available for paid users?

Related

Publishing Delphi applications to the Microsoft Store

I would like to publish my first Delphi application in the Microsoft Store.
Do applications published in the Microsoft Store also have to be signed with a commercial certificate?
When I launch my application, the user should not be shown that the application is from an unspecified developer, etc.
Yes, you need a code signing certificate. You can get a standard or an extended validation certificate. The last one is more expensive, but since you are vetted more thoroughly, MS also values these higher.*
Even with that, you still have the risk of your app getting flagged by Windows Defender as a potentially unwanted application until sufficient people have downloaded it and marked it as safe (google e.g. "defender flagging downloaded installer")
MS itself gives more information at Publish Windows apps and games, and note that you need to supply a MSIX, MSI or EXE.
BTW Embarcadero also has some information about publishing as an APPX and to the Micrososft Store:
Windows 11: A Beautiful Meteor Will Wipe Out The Dinosaurs about Windows 11 and app stores
VCL Integration with WinAPI, COM & ShellAPI, and WinRT YouTube video, TWindowsStore discussed at 37:00
* Do not confuse this with the three levels of website certificates, e.g. described here.

Multiple iOS apps in a single Firebase Project

I created a Project using Google Firebase. In this project I added 6 iOS apps that I want to track and manage under a single Firebase Project. The apps are sports related and I wanted to have all of them share the same project for monitoring and management and possibly sharing data with each other. Initially the apps will use Firebase Authentication, Crashlytics, FireStore and push notifications. Over time more of the Firebase services will be added (i.e. A/B Testing, Remove Config, etc.). One the summer I will be adding 6 Android apps. These have been in development over the last 6 months and all the Firebase features appear to be working fine.
Are there issues or downside to setting up multiple iOS apps under a single project? When I setup the apps under the Firebase console it did not restrict me to a single iOS app per Firebase project nor did it give me any warning. My cause of concern is the Firecast from Google titled “Getting Started with Firebase: https://firebase.google.com/docs/ios/setup . Project setup is discussed at the 1:25 mark talking about multiple apps in the same project and the diagram shows 4 apps in the project. An app can be an iOS, Android or Web app and one possible scenario is to create a single project with 3 apps (iOS, Android, Web) which share login and user data. At the 2:20 mark it states “… there is nothing to be gained by cramming them into the same project besides tears and heartache.” but it doesn’t specify what the “tears and heartache” issues are. I googled around and checked additional documentation and no warnings are given or information on best practices.
I did see a posting on Stack-overflow from a Google engineer regarding deep linking that was supposed to be addressed in Q1 2018 (over a year ago).firebase-dynamic-links-for-multiple-ios-apps-in-project .
The one issue we did run into is that we can’t use Facebook authentication in our app. The authentication is setup at the project level for all the apps. But Facebook requires each individual app to be registered for authentication and does not allow the user to register a group of apps. So this prevents us from using Firebase login, but this is the only issue we’ve encountered. We MAY run into a similar issue with Twitter, Yahoo, or another service if we add them as login options. For now we are just using Google sign in along with email sign up.
Any guidance here would be appreciated as we plan on shipping the apps at the start of summer. If we need to reconfigure the apps so each one is in a different Firebase Project we can do that but it’s additional work and we have not run into any issues during development and QA.

What's the most straightforward way to share an iOS app development build?

I'm developing a mobile app (using React Native for that matter), and I'd like to have one of the members of my team try it out.
With Android, I can just share the apk with them. Is there something similiar in iOS?
There is a bunch of tools to do this. Test Flight is not the easiest way to share a build because you need to submit it to the app store, it needs to be processed, pass through all the checks before someone can download it.
Whilst you should definitely use Test Flight to deploy official test versions, an internally used tool for alpha and beta versions is quicker and easier.
I would suggest a tool like Fabric Beta (currently owned by Google), which is a free app deployment + analytics tool. you will need to add some code to allow it to work but it is a simple process. It comes with a program to help deploy and you can plug it into most CI software.
You will need to ensure you have the device UUID's of people in your internal team to sign the application for their devices.
Test Flight is what you're looking for.
First though you need to add the UDID of your team member's device to the provisioning profile used to create the .ipa (iOS equivalent of an APK). But after that, just follow the information and tutorial(s) at the provided link.

What are “bots” in Xcode and how to use this feature?

I have read about the Xcode 9, and there is an interesting term “bots”, which will do the CI/CD work for you, but didn't get any proper guide. Could anyone help me find the configuration guide on it?
From Apple’s About Continuous Integration in Xcode guide:
Bots are at the center of the Xcode Server automated workflow. Bots
build and test your projects with the schemes you specify. Because
Xcode Server can access the source code repositories of your projects,
you can create and schedule bots to run periodically, on every source
code commit, or manually. You can also configure bots to send email
notification of the success or failure of their integrations. Xcode
Server also allows your bots to conduct performance testing and
initiate pre- and postintegration triggers.
On how to setup and configure bots, please read Install macOS Server and Configure Xcode Server.

Application Loader: Apple's web service operation was not successful

I'm trying to upload an app with Application Loader but I get following error :
Apple's web service operation was not successful Unable to
authenticate the package: 54005906.itmsp An unknown error occurred.
(2010)
What is the problem? I really can't find any info.
Its was problem with Apples process. Worked the day after!
I would check following
1. Profile, username, password, certificate 2. Clean Build and Try again.
I kept getting it for several days until I changed Deployment Target from 3.1.3 to 4.3.
I just selected Standard Architectures in both Project and Target, and it worked for me.
I had the same error but fixed it by changing Build Active Architecture Only from
Release YES
to
Release NO.
When submitting a question like this you need to include all the error messages
If you choose to post only the error messages that you think are relevant, you are probably going to choose the wrong messages. If you know how to indentify the extraneous info, you probably don't need to post a question to StackOverflow at all. ;-)
When submitting a question like this there are a few things to note:
• If you submit enough failures in some given time frame, Apple will stop allowing you to connect/submit for some other time frame!
- This is a situation that seems to correct itself overnight in most cases. You can use a different authorized account to get around this. (Create a new one if you gotta.)
• The first 2 items are red herrings
Apple's web service operation was not successful
In spite of how it sounds, this doesn't mean it couldn't connect. This simply means that the ultimate goal was not successful.
As a metaphor: if (ApplicationLoader.DeliverYourApp(SelectedFile)){log("Delivery Successful");} else {msg("Apple's web service operation was not successful");}
Unable to authenticate the package: 81680085.itmsp
Before Apple accepts your package on their server, they want it to pass a few "field sobriety" checks.
From their perspective, it's like "cloud computing". They are saving server resources by doing analysis in the cloud. And the cloud is the workstations of all their developer.apple.com members.
• The "Background Activity" panel (revealed by clicking "Activity...") is very useful to watch.
Seeing "Could not start delivery: all transports failed diagnostics" makes you think there is some form of connection or login error (especially when combined with the top 2 errors. If you open the Background Activity panel early on and watch the entire process, you see that the message that is RED in the screenshot above actually goes through these states:
Upload package to the iTunes Store
Authenticating with the iTunes Store
Verifying assets with the iTunes Store
Could not start delivery: all transports failed diagnostics
Finally, the error in my screenshot actually means...
The IPA file I was given fixes the bug that prevented my previous upload from succeeding, however, the developer forgot to increment the build number and Apple re-rejects it out of principle. This could be avoided if they would implement a build script that does something alone the lines of git log --oneline | wc -l. This is pretty much exactly the way I do it in my projects.

Resources