Security Management and Controls

Security Management and Controls

Overview

Applause well understands the need to protect IP as well as product and brand integrity. It is because of this that we have implemented a number of security management measures and controls into the Applause SDK. Working together, the Applause SDK ensures that project and testing managers have full control over who has access to their mobile app builds and who doesn’t.

Communication

All client/server communication is done via the https protocol. This includes the uploading and downloading of builds that have been instrumented and distributed with the Applause SDK.

Role Based Security

The Applause platform supports role based permission levels. This ensures that not only do Applause clients only have access to their data, but it also allows clients to control who has access to specific data and platform features. Those roles are:

  • Owner: Can change project settings and invite additional collaborators. Owners receive all platform notifications by default.
  • Collaborator: Can create test cycles, triage bugs, and communicate with testers and the project management team. Collaborators receive limited platform notifications.
  • Viewer: Read-only access. Viewers can monitor test activity, but can not create or modify test cycles themselves.
  • Testers: Testers are first segregated by platform. Testers log into their own platform which is separate from the main testing services platform. Testers never have access to Applause client accounts. Testers are also only allowed to see test data from the test cycles to which they’ve been invited, that they have accepted invitations to.

Distribution Controls

Email links used to access builds are one time use only, per email address. Once a link associated with a specific email address has been used, it is deactivated and becomes non-functional. This prevents testers from forwarding download links and giving access to mobile app builds to non-approved parties.

Build Version Control

The Applause SDK offers project and test managers build version control through the implementation of a built-in ‘kill switch’. To access this kill switch, an approved user need only log into their sdk.applause.com account, access the Builds tab, and click the ‘Enable/Disable’ toggle for the build they wish to disable.

The flow for build management is as follows:

sdkkillflow