You are on page 1of 14

Sheet1

Summary

Application should mask any sensitive


information on screen to prevent it from
being leaked via automatic snapshots taken
by the device

Information contained in the


saved documents should be
encrypted to prevent from
accessing sensitive info such as
account numbers, email ids etc.
For best practice- sensitive data
should never be stored at client
side.
Application's plist should not save
sensitive informations. Instead, it
should be saved in the keychain
which will limit the access from
one app to other app's data.

Secured Client/Server
communication should be
established every time when
required. (i.e., proper encryption
should be done for the data being
sent over the media)

In registration/profiles/details/info
screens: submitting mobile
number/email id.

Privacy settings.

“Remember Me (OR) Keep me signed in”


behavior.

Page 1
Sheet1

Auto Sign out.

Forgot username/password.

Change email id/ password/ phone number/


settings.

If the app is social, options should be


present to block/unblock users.

Support from the developer.

Passcode.

Length of the username/password.

Confidentiality.

Page 2
Sheet1

Steps to verify

1. Launch the app. (client-server app or standalone)


2. Work with the app screens which shows up custom images/screen.
3. Connect the device. Launch Xcode and Open the organizer window and select
'Applications' link on the left side for the connected device.
4. Save the application data to Desktop by clicking on app icon in the tray and
dragging to desktop. The folder saved as, for example,
com.spoonjuice.nightstandhd 2011-05-30 15.54.43.554
5. Open the app's saved data folder and select Documents > Caches > Images
And
Library > Caches.

1. Open the app's Saved data folder and select Documents > Caches > And
Library > Caches.
2. Try to open the cache files with an SQLiteManager

Download SQLiteManager

1. Open the app's Saved data folder.


2. Open the plist file which is present in the Library > Preferences or any other
folder.

1. Install the client-server application to be tested on iphone


simulator.
2. Download Little Snitch app for mac.
3. Install the app and Restart mac.
4. Launch iphone simulator and launch the testing application
and connect to internet. Observe the dialog prompted by Little
snatch for network access permission.

Download Little Snatch for mac

1. Visit the Sign Up/ Registration screen of the app.


2. Enter the details including mobile number/ email id.
3. Submit.

View the profile details/settings screen in the app.

1. Sign in to app by checking 'Remember Me' or 'Keep signed in' option.


2. Sign out of the app.

Page 3
Sheet1

Sign in to a client-server app. Leave the app idle for a definite duration, say 15
minutes 30 minutes etc.

1. Select Forgot password or Forgot username option.


2. Submit appropriate username or email id along with answering the predefined
security question etc.

1. Sign in.
2. Navigate to Settings screen.
3. Submit the new email id/ password/ phone number.

1. Sign in to the social app.


2. Search for a friend or any person on the network.

View the info screen or Settings screen or Credits screen or Home screen or any
reference screen in the app.

Try to delete the user saved data such as tasks/todo/contacts etc all at once.

1. Type username/password in the respective fields in the sign in screen.


Attempt to Sign in.
AND/OR
2. Type password in Change-Password screen.
AND/OR
Save password.

1. Launch the app.


2. Go through each and every screen/page of the app. Observe in all screens.

Page 4
Sheet1

Expected Result

The images/screenshots saved in these


locations should be encrypted, which
cannot be opened to view.

Click below link to see the example


showing simulator data.

Example

The cache files are encrypted.

No sensitive info is stored in the plist


like login credentials, other
confidential datas.

Click on the example and refer the


annotated area in the snapshot. Https
is showed here if the app is using
secured network)

Example
Confirmation email/code sent to email
id/ mobile and only after
confirmation, they are considered
active.

Options are available to show private


details to All/ Friends/ Selected/
Nobody.

Password is cleared on signing out.

Page 5
Sheet1

Current user is signed out.

The login detail are sent to the


respective email id or the option to
reset the password too is sent to the
email id.

Confirmation link/code sent to new


email id/ mobile.

Block/unblock option should be


available while viewing them OR
It should be present in privacy settings
screen.

There should be an info on how to


contact the Development/Support
Team on any concerns about the app.

Passcode should be prompted on


attempting to delete the data which is
irreversible.

Length of the password should be


decided based on the strength of
network, type of encryption etc.

This might vary from app to app.

App should not reveal any


confidential info related to the app
itself or about the developer/products
used etc.

Page 6
image1

<< BACK

Page 7
image1

<< BACK

Page 8
image2

<<Back

Page 9
image2

Page 10
image2

<<Back

Page 11
image2

Page 12
image2

Page 13
image2

Page 14

You might also like