Testing tips: How to test Bitcoin wallet apps?
What makes bitcoin popular?
The popularity of internet services and online e-commerce made it necessary to create a new type of payment solution that would satisfy the needs of millions of internet users. Bitcoin, a digital currency with no centralized control, has filled the vacancy.
Since 2015, a great number of online merchants and resellers have been using Bitcoin to purchase goods and services. This step turned it from a new, exotic online currency into a popular, reliable and easy-to-use payment method.
Now you can use your Bitcoins for a wide range of purposes, such as buying electronic services and discounts, physical goods, booking tickets, hotels, etc. Bitcoins are now accepted even in offline stores, such as bars and restaurants.
What changes in blockchain technology can we expect in 2017?
2017 promises to bring even more success to Bitcoin and its blockchain technology. Political instability and economic problems around the world don’t prevent this cryptocurrency from gaining more and more popularity. Many people like the idea of having a borderless currency.
Cryptography allows Bitcoin to operate with sensitive information securely, anonymously and efficiently. That is why the blockchain (a decentralized encrypted ledger) will be the first question to be discussed among those businesses that aim to alter their financial processes. Large companies, sooner or later, are going to start making major plays in bitcoin and this opens the door to larger markets for Bitcoin.
How should you test an app with blockchain API?
Dozens of mobile apps with blockchain API are currently being developed to satisfy the needs of all Bitcoin users (like Luno, Xapo, Bitpay, Bitcoin Wallet, etc.). If you decide to dive deep into this area, it is strongly recommended to meet the high standards of cryptography and take the testing process very seriously.
Top bitcoin wallet apps on Android
Because Bitcoin is real money, you cannot simply test on production. Instead, Testnet was created as a testing environment in which to play with the bitcoin blockchain in order to find all the drawbacks of an app designed for bitcoin use. The blocks are mined every 10 minutes automatically. Another option is to use special sites such as http://tpfaucet.appspot.com/ or http://faucet.xeno-genesis.com/ which offer the possibility to get bitcoins that are free of any denomination (i.e. bitcoins that contain no value). Transactions initiated on Testnet will not affect the monetary value of bitcoins on the web (mainnet).
Sometimes testnet is not enough. The blocks are mined every 10 minutes and you cannot speed up the process or influence it. If you need bitcoins to be mined faster and don’t want to use faucet sites, regtest is right for you. It gives you full control over the environment, so you can run regtest mode and generate as many bitcoins as you need at any time.
The main thing to consider when testing apps that offer payment services is security. The general aim of bitcoin app testing is to check the blockchain verification and make sure the basic transaction structure is not corrupted.
First of all, you should start with Bitcoin wallet app vulnerability analysis. This entails two main approaches:
1) Static methods of analysis
2) Dynamic methods of analysis
If you want to know more about security testing, then we strongly recommend that you review this article: “The 8-steps security testing approach for a perfect project”
We suggest that you use manual testing services to eliminate risks that are related to the device’s software and emulator backdoors or an incorrect structure of automation testing scripts.
During the manual Bitcoin wallet app testing process, you should pay attention to the following aspects:
Bitcoin wallet apps testing checklist
- Device security:
  - Jailbreak detection;
  - Device platform backdoors;
  - Device interface errors;
  - Mobile device management (MDM), etc.
- Server side security:
  - Server configuration errors;
  - Loopholes in server code or scripts;
  - Insecure storage of sensitive data on mobile devices;
  - Insecure use of cryptography;
  - SQL injection termination;
  - Weak session management, etc.
- Mobile network/WiFi connection security:
  - Encrypted signal verification;
  - SSL encrypted connections;
  - Device proxy settings protection, etc.