Sunday, 1 May 2016

Twitter doesn’t need a Password to Login! Really?!

This morning I installed the Twitter Android app, version 5.91.0, on my device (Moto G3). I found that I was able to log in without setting up a password. I followed the steps below to log in without a password.

Steps to reproduce

Step 1
On the Home screen I tapped the Sign Up button.

Step 2
I entered my name, Pranav, in the name text field and tapped the “Next” button.

Step 3
On the verification screen I entered the phone number (8888888888), then I got a verification code. I entered the verification code. Now it took me to the Enter Password screen. I needed to enter a password to activate my account.

Step 4
I got a message stating that my phone was activated. I closed the Twitter app and then launched it again; it asked me to enter the password.
I closed the Twitter app again and launched it again, but this time I had cleared the Twitter app data (Settings -> Apps -> Twitter -> Storage -> Clear Data).
I was surprised because I was logged in to my account with the Twitter handle @Pranav96003942. I did not set the password for the account, but I was logged in.

Fig 1: After Login Screen

Step 5
Then I thought I would investigate more. So I cleared the Twitter app data and then followed Steps 1, 2, 3 and 4 with the same mobile number (8888888888) which I had registered previously.
I discussed this with Santhosh Tuppad. He then did a search from his Twitter account for the Twitter handle @Pranav96003942; the account was not fetched because it takes some time to update in the Twitter database.

Step 6
Santhosh asked me to follow him on Twitter, and I immediately followed @Santhoshst. Santhosh got a notification that I follow him. I was also able to tweet with the account @Pranav96003942.

Step 7
Now, Santhosh asked me to check if I could change the password. I went to the Change Password screen; there I needed to enter the current password to change my password, but I was not aware of the current password. We tried entering the verification code as the current password, and we got a toast message: “Your Old Password was entered incorrectly”.
Fig 2: Change Password Screen


Step 8
Then I tapped on Forgot Password. I entered the number (8888888888) with which I had registered, to get the passcode. I got an error message stating “We Found More than one account with the Phone Number”. I got this because I had registered the same number twice.

Fig 3: Forgot Password screen with Phone Number 



Step 9
I tried to recover the password with the username @Pranav96003942, and I got a passcode on the registered number. I then did a password reset by entering a new password, and logged out of the account. When I tried to log in with the mobile number and password I was not able to log in; I got an error message stating “We Found More than one account with the Phone Number”.
Fig 4: On Login with registered number


Step 10
Finally, I realized that version 5.91.0 is not the latest one. So I updated the app to the latest version and then tested the above steps again. I was logged in without a password.

My Conclusion about this behavior
The first issue: I never entered my password on login. So, if I log out of the account I can’t log in again; if I want to recover my password I need to do a Forgot Password and then reset my password with a new one. This is a user experience issue.

Secondly, the user must not be allowed to register with the same number again. Because it allows this registration, I am getting the error message “We Found More than one account with the Phone Number”.

Wednesday, 30 September 2015

Ten Ways that I Follow to Test a Web Application.

One fine day in the office, I had a discussion with “Sandeep Tuppad” about the qualities of a good tester. He compared a good tester with a warrior: he said that a good warrior is one who knows war tactics and techniques and how and when to use weapons; likewise, a good tester is one who knows the architecture and functionality of the app, and who knows how to use the right tools, report the bug and get it resolved. So I think of myself as a good warrior while testing.

  • Before starting testing I first tour the product, so that I can test it better and avoid missing certain areas. I use the touring heuristic mnemonic (FCC CUTS VIDS); this helps me to find the testable areas in the application and to differentiate between a feature and a bug. I create a feature map by touring the application; this not only helps me to keep track of the features that I have tested, but also helps me to track the test coverage. To know more about the application I gather information about it using add-ons like W3techs and Wappalyzer.
    W3techs website information technology is a browser extension available for Chrome and Firefox. It provides information about the website background, server-side language, client-side language etc. More information, like character encoding, can be found on the website http://w3techs.com/sites; the extension fetches its details from this site.
    Wappalyzer is a Firefox add-on that shows the server and framework present in the application as soon as we open the app in our Firefox browser.
Fig 1: Wappalyzer Output.

  • After touring I come up with different test scenarios for each feature in the application, add them to the feature map which I have created, and also document the test cases.
  • I concentrate on particular features, test each feature based on different parameters and try to find bugs. If I am testing a file upload or CAPTCHA feature, I go to the TestInsane mindmaps repository and pick the mindmap for file upload testing or CAPTCHA testing; it triggers lots of test ideas.
  • I use “Plutchik's wheel of emotions” for performing emotion-based testing; for example, I will get irritated if the application is slow.
  • I automate tests that I feel need to be done repeatedly. There was a scenario where I needed to add different combinations of items to the cart and place the order, so I created a Selenium script to add different items to the cart and place the order. It saved lots of time and also gave better test coverage.
  • Combinatorial testing: there are different ways to enter a room, so doing things in a different way will lead to some bugs; that is, trying out different combinations to perform the same task. For instance, I was testing an app which allows selecting the postpaid option for a particular subscriber, but if I added the same number as the primary number I was able to select prepaid for the subscriber, and the recharge for the number was failing.
  • If there are any third-party APIs, like a payment gateway or Dropbox integration, I explore their Terms & Conditions and come up with test ideas. Supposing a payment gateway allows only Rs 2000 to be transferred on a particular day, the app using the payment gateway must show an error message if a transaction of more than Rs 2000 is tried.
  • I use the “common software error” list by Cem Kaner, which contains over 400 ready-made software bugs, and mindmaps like “Ready-Made50 Bugs / Test Ideas” by Santhosh Tuppad. These help me a lot to find out if I am missing some test ideas.
  • I use add-ons like the Web Developer add-on, which are my weapons. Some of the add-ons which I use frequently are listed below.

    Postman & Postman Interceptor
    Postman is a very useful Chrome app for performing API testing. We can capture the request link using the Developer Tools option, paste it in the URL tab, select an option like GET, POST or PUT and click the Send button; we will get the response back.

    Postman Interceptor is used to capture the requests made while we load a particular page and show them in Postman.

    Recx Security Analyser
    Recx Security Analyser is a Chrome add-on used to analyse the HTTP security headers, page meta security, cookie security options and form auto-complete settings of a particular website. It can be used to find security weaknesses in the site: for example, if the X-XSS-Protection header value is not “1; mode=block”, the website may be vulnerable to cross-site scripting.

    BugMagnet
    BugMagnet is an add-on available in Firefox and Chrome. It is useful while testing web forms: it provides a set of valid and invalid input values for form fields like e-mail, URL etc. We can use it to test whether the form fields accept invalid items and submit.

    Mockaroo Random Data Generator
    Mockaroo is a web application that can be used to generate test data for form fields in the app; it is very helpful for automation.

    Flagfox
    Flagfox is a Firefox add-on which contains tools like Whois. It can also be used to perform an SSL Server Test, which provides information such as server information, certificate information and the signature algorithm used; the coolest part is that it describes the vulnerability in the signature algorithm.


Fig 3: Flagfox Tool list.

  • I read the bug reports that are reported by other testers in the team so that I get some ideas from them.
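
The kinds of checks described above for Recx Security Analyser (HTTP security headers, cookie security options, form auto-complete) can be sketched in a few lines of Python. This is an added example, not code from Recx or from the original post; the sample response and the `audit_response` helper are constructed for illustration. The X-XSS-Protection header the post names is ignored by most current browsers, so the sketch also checks Content-Security-Policy.

```python
from email.parser import Parser
from html.parser import HTMLParser

# Constructed sample response (not captured from a real site).
SAMPLE_RESPONSE = """\
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-XSS-Protection: 0
X-Content-Type-Options: nosniff
Set-Cookie: sessionid=abc123; Path=/; HttpOnly
Set-Cookie: theme=dark; Path=/

<html><body>
<form action="/login" method="post">
  <input type="text" name="user">
  <input type="password" name="pass">
</form>
</body></html>
"""

# Header name -> predicate that an acceptable value must satisfy.
EXPECTED_HEADERS = {
    "X-XSS-Protection": lambda v: v.replace(" ", "").lower() == "1;mode=block",
    "X-Content-Type-Options": lambda v: v.strip().lower() == "nosniff",
    "X-Frame-Options": lambda v: v.strip().upper() in ("DENY", "SAMEORIGIN"),
    "Strict-Transport-Security": lambda v: "max-age=" in v.lower(),
    "Content-Security-Policy": lambda v: bool(v.strip()),
}

class PasswordFieldScanner(HTMLParser):
    """Collects password inputs that do not set autocomplete="off"."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "input" and (a.get("type") or "").lower() == "password":
            if (a.get("autocomplete") or "").lower() != "off":
                self.findings.append(
                    f"form: password field '{a.get('name')}' allows autocomplete")

def audit_response(raw):
    """Return a sorted list of findings for one raw HTTP response."""
    head, _, body = raw.partition("\n\n")
    _status_line, _, header_block = head.partition("\n")
    headers = Parser().parsestr(header_block, headersonly=True)
    findings = []
    for name, is_ok in EXPECTED_HEADERS.items():
        value = headers.get(name)  # lookup is case-insensitive
        if value is None:
            findings.append(f"header: {name} missing")
        elif not is_ok(value):
            findings.append(f"header: {name} has weak value '{value}'")
    for cookie in headers.get_all("Set-Cookie") or []:
        cookie_name = cookie.split("=", 1)[0].strip()
        flags = {part.strip().lower() for part in cookie.split(";")[1:]}
        for flag in ("secure", "httponly"):
            if flag not in flags:
                findings.append(f"cookie: {cookie_name} lacks {flag}")
    scanner = PasswordFieldScanner()
    scanner.feed(body)
    return sorted(findings + scanner.findings)

if __name__ == "__main__":
    for line in audit_response(SAMPLE_RESPONSE):
        print(line)
```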





Friday, 11 September 2015

The Importance of Starting from Basics


Before going into advanced concepts, learning the basics is a very important thing, which I have learned from my experience. I used to jump into advanced concepts before learning the basics and I faced lots of problems. One fine day in the office I got a chance to test a mobile app. I was scared because I did not have in-depth knowledge of testing a mobile app. I did not know the parameters that had to be covered. Initially I just used to do functionality tests, and I found it very difficult.

Difficulties which I faced
  • I used to make mistakes in bug report like using click for tap and page for screen.
  • I used to miss some bugs.
  • I spent a lot of time in bug reporting because I need to transfer screenshot from mobile to phone.
  • I did not use any tool so it was very difficult to report a crash in the app.
  • I found it difficult to get test ideas.
One day after office, I was travelling home with Sandeep Tuppad in a cab and I started discussing the automation of mobile app testing using Appium. Sandeep asked me a few basic questions, such as how push notifications work and some basic UI-related questions, and I was not able to answer. He made a strong point that without knowing the basics it is very difficult to test or automate a mobile app. I started to work on it.

How did I overcome the difficulties?
  • I started from the basics: I learned about the architecture of different mobile operating systems.
  • I attended a workshop related to mobile app testing by Ajay Balamurugadas. I learned the basics of mobile app testing by attending the workshop, such as the terminology used to describe the actions that we perform on a mobile screen, like tap, pinch and swipe, and some useful tools like Mirroring 360, Fiddler etc.
  • I read a book related to mobile app testing called “Tap into Mobile Application Testing” by Jonathan Kohl. The book explains different aspects of mobile app testing from basic to advanced. Jonathan Kohl explains his model “I SLICED UP FUN”: each letter in the mnemonic stands for a parameter based on which we can test; for example, the letter "I" in the mnemonic is for Input. The mnemonic is very powerful and can be used to generate different test ideas.
  • I started to use tools like iTools and iFunbox to get crash log for reporting while a crash occurs in the app.
  • I used mindmaps related to mobile testing from the TestInsane mindmaps repository.
  • I started to use SDK tools such as uiautomatorviewer, emulator, monkey and other tools.

After doing the above things I was able to feel some changes in my testing: my bug reports were better and I could generate more test ideas.

Initially in TestInsane I was testing a web application. I felt that lots of actions which I did while testing consumed lots of time. For example, if the pager of the web application contains 100 pages, to verify that all the pages contain some information I need to click each link to check. Suppose I need to perform the same action with different combinations of inputs; I need to enter each input. I found it difficult, so I explained this to Sandeep Tuppad, and he told me to use Selenium IDE to record and replay the actions that I do repeatedly. I started to use Selenium IDE, but certain things cannot be done using Selenium IDE, like performing the same action with different combinations of input, so I started to code using the “Selenium WebDriver” Java binding and Eclipse IDE.

Difficulties which I faced when I started to use Selenium WebDriver
  • My code was not very clean because I didn’t follow the coding guidelines.
  • I used to code straight away without finding the scenarios that needed to be automated, so I faced the problem of modifying the dataprovider frequently.
  • I used a lot of explicit wait (Thread.sleep) in my code.
  • I started directly, without having strong knowledge of core Java.
  • I used Selenium IDE a lot to record scenarios, export them to Java code and use that in my script.
  • An X-PATH should be written in such a way that it works even if the web elements are changed, but I used Firepath to get the X-PATH of a particular element; the X-PATH given by Firepath doesn’t hold up if there is a change in the position of the web element.
  • My debugging skills were a bit weak; I used to ask others for help if a particular problem occurred in the code.
  • I did not consider memory usage and code running time.
Things which I did to overcome the difficulties
  • I stopped using Selenium IDE frequently and started to write code in Eclipse IDE for the scenarios that needed to be automated.
  • I practiced constructing a dataprovider for a particular website.
  • I studied the Java coding guidelines by Oracle.
  • I started to debug problems that occurred using the Debug mode in Eclipse, by setting breakpoints and looking at the log.
  • Learning to construct X-PATH makes it possible to construct effective X-PATHs, so I learnt how to construct X-PATH and used (Ctrl+F) in the inspect element view to check if the X-PATH selects the particular element.
  • I learnt about synchronization in Selenium and used implicit wait to make the code faster.
  • I studied core Java from the book “Thinking in Java” and practised coding in Eclipse IDE.
  • Verifying the code with experienced people in the team gives a lot of ideas. I used to verify my code with Sandeep Tuppad; he gives me suggestions by reviewing my code, and this helps me a lot because I come to know my mistakes.

After following the above things my scripts are better now than before, because I omit the things that should not be used in my code and I follow the coding standard.

The most important lesson that I have learned from my testing experience is that starting from the basics is very important to craft to perfection the things which we do.



Monday, 20 July 2015

MY EXPERIENCE REPORT OF MOBILE TESTING WORKSHOP BY AJAY BALAMURUGADAS

It was a pleasant Saturday. The workshop was conducted by Ajay Balamurugadas. He is a cool guy who is an expert in mobile application testing. This workshop was pretty different from other workshops because it was filled with hints and exercises. The first exercise was to brief a developer on the details of the device on which we are testing the app. I was using a Windows phone, a “Nokia Lumia 520”, so I tapped on the settings icon on the Home screen. In the Settings screen I used the “About My Device” option to see the OS version, IMEI number, RAM etc. Ajay asked us a simple question: how do we find all the details of the device with just one word? My answer was that we can use the phone name. Ajay’s advice was not to do anything that steals our testing time. He said we can use Flipkart to see the entire specification of the device we are using. He also gave us a list of ideas: sometimes Flipkart and other e-commerce websites provide false details, so he advised us to go directly to the phone manufacturer's website to see the specification. I also came to know about an interesting website called IFIXIT.COM which gives a teardown view of any mobile.

Key points learnt from the exercise
  •  Using website such as "Flipkart" to know the specification.
  •  Manufacturer details.
  •  Using IFIXIT to get a tear-down view of mobile.
  • Get to know about Form Factor which is the general look and shape of the mobile device. There are three form factors:
    •      Phone
    •      Tablet 
    •      Phablet
Exercise 2: This was about getting to know the different terminology used in mobile testing to report bugs. The thing I like the most in this workshop is that it starts from the basics and provides a step-by-step foundation to learn about mobile testing. This exercise was to perform a set of tasks, such as opening the camera and restarting the phone, and to simultaneously write the command to perform the action. During the hint discussion of this exercise Ajay told us about an interesting application called “App a day”, which is a free app that gives us one paid app a day for free. Then there was a discussion regarding the key terms used in mobile testing, such as Dead-spot, ADB and USB Debugging etc. Ajay explained each keyword using a WordCloud he created for the terminology.

Key points learnt

  • Difference between swipe and flick.
  • How to get paid app for free using app a day.
  • How to report bugs in app using the right terminology.
  • What is word cloud and how to create.

Exercise 3: This was about gathering information from the stakeholders or project managers before starting to test.

This exercise was very interesting. A few of my questions were:


  • Who are the end users of the product?
  • Specification about the application?
  • Duration of the project?
  • What are the main features that need to be tested?
  • Device compatibility of the application?

Ajay gave us a clear view of the Context-Free Questions for testing, using a mnemonic from Michael Bolton to remember them.

Mnemonic: PCM-TRP-DOT-TED-FIAT
P: Permission C: Clients M: Mission
T: Time R: Report T: Thinking
D: Data O: Oracle T: Thinking
T: Testers E: Experts D: Developer
F: Feeling I: Information A: Avoid T: Tools

Ajay explained a few questions to ask for each letter of the mnemonic and he advised us to watch a video by James Bach called “Steve McQueen”. I learned from the video how to investigate when a problem occurs.

Key Points learnt:
  • Important question to be asked before testing?
  • Investigating of a bug?
The next exercises were very cool because we started to test a live app.

Exercise 4: To perform a “First Impression test” on a live app. The first impression is the best impression: if the user does not feel good while using the app for the first time then he will not use the app again.
I tested the “BookMyShow” application. A few of my first impressions regarding the "BookMyShow" app:
  • The app icon did not give any idea as to what the app was.
  • The splash screen of the application was not good, since there was no capitalization of characters.
  • The load time of the application was very low.
  • The color contrast of the first screen was red and black.
  • The features of the first screen were a search bar and a list of cities displayed to select one from.
Ajay's way of first impression testing was very different; he gave us useful test ideas for first impression testing of the app.

  • Gather information: To collect all the information required for testing using the context-free questions discussed in the previous exercise.
  • Feature Map: A feature map is a pictorial mindmap that represents the features of the app we are testing. Creating this will help to track the coverage.
  • First Launch Test: Ajay recommended taking a screenshot or video while we launch the app for the first time, because some bugs occur only the first time we launch the application.
  • Delete-able Offences: Sometimes the user will delete the application when the app is slow, hard to understand, hangs a lot etc.
  • Common Issues: Crashes, color contrast etc.
One piece of advice from Ajay was “Do Not Self-censor”. It means do not assume that this might not be a bug.

Key Points Learnt:

  • Touring the application to know the features in the application, so that we can get clarity between a bug and a feature.
  • Creating a feature map.
  • Importance of using a video recorder or taking a screenshot while launching the app for the first time.

The next exercise was related to Testing Models: to use the testing models and find the bugs in the live application.

Using these models we can get test ideas, because these models categorise in the form of mnemonics. I tested the FlipKart app based on these models; it was cool and I was able to get different test ideas.

The next task was to create a mindmap of the common bugs found in the software. The mindmap created by me is below


Common  Problems Mindmap


Pizzas were distributed to everyone. After lunch the workshop commenced again.

The most awaited moment of the workshop was Ajay’s demo, a demo of how he tests a live mobile app. He tested the mobile app called “yoga360”. He was using an interesting tool called “Mirroring 360”; it simulates the actions he performed in the application to the app in the desktop. But both Mirroring 360 and the mobile device must be connected to the same WiFi network. He did some interruption-based tests by making a call while purchasing a package in the Yoga360 application and he found a cool bug that interrupts the call. He was simultaneously recording the actions he performed using the tool called “FastStone Capture”.

Key Tools and Techniques learnt:

iTools
iTools is a Windows application used for the iOS operating system. It is used to view the log generated by an iOS application, and it also gives us the crash report when the app crashes.

Android Debug Bridge
Android Debug Bridge is a command line utility that runs in Windows. It can be used to communicate with the emulator or a connected Android device via the command line interface.

Fiddler
Fiddler is a web debugging tool; it is available for Windows as well as Mac. We can use it to view the network interaction between the server and the mobile application.

Google Chrome Device Mode
It is an option available in developer mode (Ctrl+Shift+I) in Google Chrome; with it we can simulate the website view for any mobile device. Network connections can also be emulated, such as Normal 2G, Good 3G etc. The orientation of the device can also be changed. One cool thing is that there is no mouse or cursor appearance; we get the feel that we are touching a touch screen.

Santhosh Tuppad was adding more interesting things to the workshop. Santhosh talked about interesting tools such as “HttpWatch” and “Charles Proxy” etc.

HttpWatch
HttpWatch is a cool iPhone app available in two editions, basic and professional. The major use of this app is to watch the HTTP requests from the hybrid app to the server.

Finally there was a good explanation given of all the details that have to be covered while reporting bugs. Ajay explained a mindmap to us; it covered many points that have to be covered while reporting bugs, and it was very useful.

These are very very few exercises. You need to witness the workshop and experience it with plethora of exercises. Being present in his workshop is such an awesome experience. Watch out for his next workshop details at http://testmaniac.com/workshop/

Ajay showed his mobile kit; it included an iPad, iPhone, mobile stand, “selfie stick”, damaged USB cables, working USB cables etc.

The last part of the workshop was the photo shoot of the certificate distribution and wishes from Ajay and Santhosh Tuppad. I thank them very much for giving me the opportunity to attend such a useful and interesting workshop.