Technical dry goods | do you know what indicators need to be tested for the “physical examination” before the application goes online?

Time:2021-4-20

Brief introduction: what items are detected before the application goes online? How to detect? What are the test data indicators?
With more and more enterprises building and launching new apps based on mpaas, the launching quality of apps has become the focus of customers. What items are detected before going online? How to detect? What are the test data indicators?
Technical dry goods | do you know what indicators need to be tested for the

Through the last visit to XX rural credit customers to do online function testing, plus the previous experience of several mpaas historical projects, the content of mpaas related testing before app launch is sorted out as follows.
1、 Security
1.1 does RPC enable national secret encryption

For app, data communication security is very important. Mpaas has supported ECC, RSA and SM2. Among them, in the financial industry app, it is suggested that the encryption configuration should be SM2 national encryption to meet the regulatory requirements of the industry. Configuration can refer to the product documentation: data encryption
1.2 enable signature verification for offline package
Technical dry goods | do you know what indicators need to be tested for the

In order to ensure the security of the local offline package, mpaas provides an offline package signature verification mechanism to ensure the security of the offline package. The overall diagram is as shown above, and the user setting process is as follows :

  1. The developer configures a pair of public and private keys. The private key is placed on the server to sign the offline package, and the public key is placed on the client to verify the signature pair.
  2. In the offline package publishing platform, if the signature private key is configured, the AMR file distributed by the platform will carry the signature information (the ciphertext obtained by encrypting the hash value of the offline package with the private key).
  3. After the client gets the AMR package and decompresses it, the client will use the public key preset in the project to verify the signature (decrypt the ciphertext in the previous step to get a hash value, and calculate the hash value of the offline package locally to judge whether they are the same). If they are the same, they will pass the verification.
  4. If the signature verification fails, the offline packet is deleted and the fallback address is taken.
    Through the signature verification mechanism of offline package, the following goals can be achieved:
  5. Ensure the integrity of the offline package, solve the decompression exception, read exception under the normal display
  6. It ensures that the source of offline package is correct and not tampered by local malicious
    1.3 is the userid information set correctly
    Because userid will be used in many places, such as push and whitelist. Therefore, it is generally recommended to select the server’s userid field as the storage field to facilitate subsequent synchronization with the server’s userid field. It is not recommended to store personal information such as personal mobile phone number or ID card as the userid.
    1.4 does the buried point information contain sensitive information, such as transaction number
    Considering the magnitude of buried points is very large, there is no data encryption for the buried points of mpaas by default, so it is not recommended to include sensitive fields in the buried point information to prevent information leakage due to buried points. It is suggested to report sensitive fields through RPC data channel to ensure data security. If there is a demand for burying sensitive fields in burying points, you need to actively open the local encryption configuration of burying points.
    1.5 privacy permission configuration
    Due to the strict control of privacy rights by regulators, mpaas has made the corresponding access scheme. We need to ensure that the relevant configuration of privacy rights has been accessed normally before going online.
    2、 Stability
    two . 1 verification in Android 4 . Can the X version be used normallyuse
    Mpaas minimum supports Android 4.3 or above, so it is necessary to verify the availability of the lower version of Android devices before release. Most of the problems encountered are installation flashback caused by unable to find classes due to multi DEX loading on Android 4. X devices.
    2.2 is the IOS symbol table uploaded normally
    Before publishing, it is necessary to ensure that the symbol table of IOS has been uploaded to the mpaas background to facilitate the background de flashback information.
    2.3 is the hot repair module connected and verified
    Before the release, it is necessary to ensure the normal access and verification of the hot repair module to ensure the hot repair ability of native module and the repair ability in abnormal scenarios.
    2.4 offline package fallback domain name confirmation
    Confirm whether the fallback domain name is an address accessible on the Internet, and whether it is a case of an intranet address issued after publishing.
    2.5 offline packet module access to CDN
    Capacity assessment should be done before going online. By default, the offline packets of mpaas are stored in OSS. However, it is generally recommended to access CDN for offline packet module. The cache function of CDN can solve the risk of bandwidth full due to offline packet download. At the same time, compared with OSS storage, the cost of CDN is lower. The access diagram is as follows:
    Technical dry goods | do you know what indicators need to be tested for the

2.6 pressure test of RPC core link interface
Before going online, we need to do performance pressure test on RPC interface of APP core link to obtain interface performance bottleneck, which can be used as reference for setting current limit value in the future. At the same time, we need to do drills for RPC current limiting scenarios to prevent various exceptions on the client after online current limiting.
two . 7 release update function available
Before going online, we need to verify that the function of publishing APK is available, including the forced update function of publishing updates, to ensure that in extreme scenarios, we need to force the upgrade to use.
3、 Performance experience
3.1 is the offline function of offline package effective normally
Ensure the normal use of offline function of offline package, and prevent the offline function not effective due to various configuration problems of offline package.
3.2 is UC kernel connected normally

To ensure that UC kernel is correctly configured and accessed, it mainly solves various compatibility problems under WebView. At the same time, UC provides good stability, which is more stable than WebView.
three . 3 is the offline packet of the core link prefabricated
Before the release, it is necessary to prefabricate the core link offline package to ensure that the core link can still be opened in extreme abnormal scenarios.
Technical dry goods | do you know what indicators need to be tested for the
Original link
This article is the original content of Alibaba cloud and cannot be reproduced without permission.

Recommended Today

Common auxiliary classes

CountDownLatch Subtraction counter import java.util.concurrent.CountDownLatch; //Counter public class CountDownLatchDemo { public static void main(String[] args) throws InterruptedException { //The total number is 6. It can be used when the task must be performed CountDownLatch countDownLatch = new CountDownLatch(6); for (int i = 0; i < 6; i++) { new Thread(()->{ System.out.println(Thread.currentThread().getName()+” Go out”); countDownLatch.countDown(); },String.valueOf(i)).start(); […]