As more and more enterprises build and launch new apps based on mPaaS, launch quality has become a focus for all customers. Which items should be tested before going online? How should they be tested? What are the test metrics?
Based on a recent on-site pre-launch functional test at a customer, XX rural Credit, and on experience from previous mPaaS projects, the mPaaS-related checks to run before an App launch are summarized below.
1. Security
1.1 Whether national cryptographic (SM) encryption is enabled for RPC
Data communication security is very important for an App. mPaaS supports ECC, RSA and SM2. For financial industry apps, enabling the SM2 encryption configuration is recommended in order to meet industry regulatory requirements. For details, see the product documentation: Data Encryption
1.2 Whether the offline package signature check is enabled
To ensure the security of offline packages delivered to the local device, mPaaS provides an offline package signature check mechanism. The overall schematic diagram is shown above, and the setup process is as follows:
- The developer configures a public/private key pair. The private key is placed on the server side to sign the offline package, and the public key is placed on the client side to verify the signature.
- On the offline package publishing platform, if a signature private key is configured, the AMR file delivered by the platform carries the signature information (ciphertext obtained after the private key is used to encrypt the hash value of the offline package).
- After the client obtains the AMR package and decompresses it, the client uses the preset public key in the project to verify the signature (decrypts the ciphertext of the previous step to obtain a hash value, and locally calculates the hash value of the offline package to determine whether they are the same). If they are the same, the client passes the verification.
- If the signature verification fails, the fallback address of the offline package is deleted.
The offline package signature check achieves the following:
- It ensures the integrity of the offline package, addressing decompression and display problems when the package is read abnormally.
- It ensures that offline packages come from the correct source and cannot be tampered with locally.
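The sign-then-verify flow described above, as an added example that is not mPaaS code. It assumes RSA with SHA-256 and PKCS#1 v1.5 encoding (the page does not name the algorithm used for offline packages), uses hypothetical function names and a constructed demo key, and does not model the real AMR file layout.

```python
import hashlib
import hmac

# ASN.1 DigestInfo prefix for SHA-256 (RFC 8017, section 9.2).
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

# Constructed demo key built from two Mersenne primes so the example runs
# with the standard library only. NOT a secure key: never use it for real.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent, stays on the server
K = (N.bit_length() + 7) // 8       # modulus length in bytes


def encode_hash(package: bytes) -> bytes:
    """EMSA-PKCS1-v1_5 encoding of SHA-256(package), K bytes long."""
    t = SHA256_PREFIX + hashlib.sha256(package).digest()
    return b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t


def sign_package(package: bytes) -> bytes:
    """Publishing side: apply the private key to the encoded hash."""
    em = int.from_bytes(encode_hash(package), "big")
    return pow(em, D, N).to_bytes(K, "big")


def verify_package(package: bytes, signature: bytes) -> bool:
    """Client side: recover the encoded hash with the preset public key and
    compare it with the one computed locally from the downloaded bytes."""
    if len(signature) != K:
        return False
    s = int.from_bytes(signature, "big")
    if s >= N:
        return False
    recovered = pow(s, E, N).to_bytes(K, "big")
    # Compare the whole encoded block, not only the trailing hash, so that
    # malformed padding is rejected as well.
    return hmac.compare_digest(recovered, encode_hash(package))


# Constructed sample package contents (hypothetical, not a real AMR file).
PACKAGE = b"PK\x03\x04 constructed offline package: index.html, app.js"
SIGNATURE = sign_package(PACKAGE)
```

A client should treat any `False` result as a rejected package and never load its contents.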
1.3 Check whether the userId information is correctly set
The userId is used in many places later, such as push and whitelists. Therefore, you are advised to use the server-side userId field as the stored value, to facilitate subsequent synchronization with the userId field of the server. Storing personal information such as a mobile phone number or ID card number as the userId is not recommended.
1.4 Whether tracking (buried-point) data contains sensitive information, such as transaction order numbers
Because tracking data is high in volume, mPaaS does not encrypt it locally by default. Therefore, tracking events should not contain sensitive fields, to prevent information leakage through tracking data. You are advised to report sensitive fields over the RPC data channel to ensure data security. If sensitive fields must be included in tracking events, you need to explicitly enable local encryption for them.
1.5 Privacy permission configuration
Because regulatory authorities currently enforce strict control over privacy permissions, mPaaS provides corresponding integration schemes for permission control. Ensure that the privacy settings have been correctly configured before going online.
2. Stability
2.1 Verify whether Android 4.X versions can be used normally
mPaaS supports Android 4.3 and later. Therefore, before release you need to verify that the App works on lower-version Android devices. Most problems are class-not-found failures on Android 4.X devices caused by multi-dex loading.
2.2 Check whether the iOS symbol table is uploaded properly
Before release, ensure that the iOS symbol table has been uploaded to the mPaaS backend.
2.3 Check whether the hotfix module is integrated and verified
Before release, ensure that the hotfix module is integrated and verified, so that the hotfix capability for Native modules is available online and problems can be repaired in abnormal scenarios.
2.4 Confirm the Fallback domain name of the offline package
Check whether the Fallback domain name points to an address accessible from the Internet, or whether it is an intranet address.
2.5 Offline package modules connect to the CDN
By default, mPaaS offline packages are stored in OSS. However, it is generally recommended to put a CDN in front of the offline package modules and use the CDN cache to mitigate the risk of bandwidth exhaustion caused by offline package downloads. In addition, CDN costs less than OSS storage. The access diagram is as follows:
2.6 Stress test of RPC core link interfaces
Before going online, run a performance stress test on the RPC interfaces of the App's core link to identify interface performance bottlenecks, which can serve as a reference for setting rate-limit thresholds later. In addition, rehearse RPC rate-limiting scenarios to prevent client exceptions once rate limiting is applied online.
2.7 Whether release updates are available
Before going online, verify that the APK upgrade function is available, including the forced update function. In extreme scenarios, the APK needs to be forcibly upgraded.
3. Performance experience
3.1 Whether the offline package function takes effect
Ensure that the offline function of the offline package works properly, so that configuration problems with the offline package do not prevent the offline function from taking effect.
3.2 Check whether the UC kernel is properly integrated
Ensure that the UC kernel is correctly configured and integrated, to resolve WebView compatibility problems. UC also provides better stability than WebView.
3.3 Whether the core link offline packages are preset
Before release, preset the core link offline packages in the App to ensure that the core link can still be opened in extreme abnormal scenarios.