You’re sunk deep into your leather seat, enjoying the scenery that blurs by as the adaptive cruise control in your luxury sedan interprets data from the radar headway sensor and longitudinal controller to keep your car a safe distance from others on the road. This machine practically drives itself. Life is good. Your highway traffic-analysis app starts beeping, slowly at first, then more insistently. Nothing’s wrong, as far as you can see. Suddenly, maniacal laughter blasts from your stereo, and you instinctively cover your ears. You feel a horrible grinding vibration in the seat of your pants as your vehicle loses speed. “Damn you, Anonymous!” you yell, shaking your fist in the air.
It’s a little far-fetched perhaps, but the vulnerabilities of the systems embedded in your vehicles are not. The 2014 Infiniti Q50 was singled out by researchers Charlie Miller and Chris Valasek at the Black Hat USA convention in Las Vegas, along with the 2014 Jeep Cherokee and 2015 Cadillac Escalade, as “most likely to be hacked.” Radio, Bluetooth and telematic components used the same network as the engine and braking systems.
“If you’re allowing an app to interact with your car, you want that app to be tested rigorously. You don’t want to be a member of the extended QA team,” said Carlo Cadet, the lead technical evangelist at Perfecto Mobile. But nearly half of all app defects his company found in a survey (“Why Mobile Apps Fail”) are reported by users once the apps are in production. Twenty percent of these bug reports, not surprisingly, come via negative app store reviews, they found.
A major obstacle, according to Perfecto’s report, is device proliferation. Of the 900 mobile app practitioners surveyed, 63% were hard-pressed to test across the required number of devices and OS versions. Though the results aren’t exactly objective, given that Perfecto offers a cloud-based Device-as-a-Service testing tool, they ring true. In a similarly obvious vein, SmartBear Software, makers of the TestComplete tool for instrumenting and recording object-oriented smartphone tests, found nearly 50% of customers delete apps if they find a bug.
These modern versions of the classic Chaos Report (now debunked) are not deterring many from publishing half-baked mobile offerings in app stores, however. According to Genefa Murphy, director of mobile product management, analytics and user experience for HP Software, there has been an increase in interest in app monitoring. Unfortunately, she said, the motivation is often a Band-Aid approach to testing.
“In the need for speed, customers say, ‘Maybe I’ll negate testing and just put my app out there.’ When they do that, the sensible customers say, ‘I should be monitoring that app to see how many crashes are happening, on what device and OS, and in what phase of the end-to-end use case,’ ” said Murphy.
Enterprises looking to launch dozens or even hundreds of mobile apps are often aware of security, service-level agreements, and government or privacy compliance issues, and are more prone to choose a solution like HP Fortify to scan their apps. For the unwashed masses, however, test-driven mobile app development is an economical approach. “Because many of the hundreds of thousands of apps in the App Store are produced by micro-ISVs, anything that can improve the quality of an app without requiring much investment is a good thing,” writes Graham Lee in the book “Test-Driven iOS Development.”