Applause well understands the need to protect IP as well as product and brand integrity. It is because of this that we have implemented a number of security management measures and controls into the Applause SDK. Working together, the Applause SDK ensures that project and testing managers have full control over who has access to their mobile app builds and who doesnât.
All client/server communication is done via the https protocol. This includes the uploading and downloading of builds that have been instrumented and distributed with the Applause SDK.
Role Based Security
The Applause platform supports role based permission levels. This ensures that not only do Applause clients only have access to their data, but it also allows clients to control who has access to specific data and platform features. Those roles are:
- Owner: Can change project settings and invite additional collaborators. Owners receive all platform notifications by default.
- Collaborator: Can create test cycles, triage bugs, and communicate with testers and the project management team. Collaborators receive limited platform notifications.
- Viewer: Read-only access. Viewers can monitor test activity, but can not create or modify test cycles themselves.
- Testers: Testers are first segregated by platform. Testers log into their own platform which is separate from the main testing services platform. Testers never have access to Applause client accounts. Testers are also only allowed to see test data from the test cycles to which theyâve been invited, that they have accepted invitations to.
Email links used to access builds are one time use only, per email address. Once a link associated with a specific email address has been used, it is deactivated and becomes non-functional. This prevents testers from forwarding download links and giving access to mobile app builds to non-approved parties.
NDAs distributed with a build as part of an OTA distribution, must be signed and accepted before a participant is given access to download and install the beta app. The NDA acceptance flow has been optimized for mobile users to make it easy for beta participants to accept and submit them.
Beta Participants also receive a unique passcode when the first accept the invitation to join the beta program. After downloading the beta app and launching it for the first time, beta participants are required to identify themselves using their email address and their passcode.
Build Version Control
The Applause SDK offers project and test managers build version control through the implementation of a built-in âkill switchâ. To access this kill switch, an approved user need only log into their sdk.applause.com account, access the Builds tab, and click the âEnable/Disableâ toggle for the build they wish to disable.
The flow for build management is as follows: