By Mahesh Manjunath
In any major city, when you walk down the street during rush hour, you’ll be surrounded by a sea of people staring at, plugged into, and interacting with their smartphones. It’s remarkable just how popular these devices have become in such a short time. But do we often think about the data we are using – how is this accessible data stored, protected and managed, and how do we test it and the layers of hardware and software that generate it?
All of the data in use can be divided into 3 sets:
- Location and communication data: Handled by mobile operators, ISPs, apps
- Transactional Data: Handled by banks, mobile payments providers, retailers etc
- Preference data : Handled by social networks, browsers, mobile apps & OS Providers
Big data is increasingly allowing retailers to accurately profile their customers and target them with relevant products and services with high success rates. Data is often extracted from a number of sources, transformed and loaded into a data warehouse, where it is aggregated to become the target of complex queries and profiling activity. Traditional ETL (Extract – Transform – Load) testing can prove the latter parts of the process, where the collected data is transformed into a common format and placed in the warehouse, but the initial elements will need a mobile specific focus, to ensure that the data is being recorded correctly.
This does present testing challenges:
1) Whose data it is? – This depends on the type of transaction, whether mobile location data is stored and what level of privileges the mobile app / browser is allocated by the user in their mobile device.
Emulators can simulate locations for testing purposes, as well as actual devices – these must be tested in conjunction with a matrix of different settings for allowed privileges in the app. It is now possible to test mobile apps; Native, HTML5 and Hybrid, quickly and easily over multiple emulated and actual devices simultaneously, once required user journeys have been recorded. Using test automation, it becomes easier to generate more data, using different inputs in order to check more combinations, particularly location data, analytics data and user transactions.
Data is accessed by multiple actors, including app providers, Mobile OS provider and social networks that can act as an entity to process the data. When multiple databases are combined, it is important to ensure that the ownership rights and opt in / opt out preferences of associated uses are respected, again this needs to be tested by using emulated and real devices, and a range of preference settings – making this a good candidate for test automation.
2) How is User Data Processed / Stored? – User profiling is done per individual by a system, stored in a non-specific cloud location and shared with third parties. Security testing – penetration, infrastructure and application testing need to be carried out in order to ensure that this data is secure and sensitive user information cannot be accessed without authorisation. An excellent place to start is the Open Web Application Security Project (OWASP) top 10 vulnerabilities:
In summary, from a testing perspective we see the challenge is to reduce complexity of big data by ensuring data protection and avoiding security risks with constructive security testing strategies, plus targeted ETL testing of the data to check the data warehouse at the end of the process. This goes hand in hand with ensuring mobile apps are not only functionally correct, but that they respect the user privileges allocated to them by the user, by running emulated and actual device testing.