QA for a Mobile App Engaging Investors In the Gulf Region

Providing QA services for Fintech and Banking solutions comes with extra responsibility, as we are operating with apps that will further process security-sensitive data. Here is the scope of work we were hired to do in this project:

• Establishing QA workflow and developing needed test-related documentation from scratch;
• Testing app’s security and high-performance level prior to the next round of work with sponsors;
• Support and continuous QA for new features and significant releases; 
• Ensuring correct operation of the KYC client identification service;
• Covering the testing load, freeing time for the product owners before the critical release.

To guarantee client’s fintech product answers the audience’s expectations and high standards of the investment market, we’ve assembled an expert team consisting of a Team Lead, 3 manual and 1 auto QA engineers of Middle and Senior levels. All the team members had a strong background in testing multi-user mobile applications with sensitive data.

Overall, the project took more than 1 year. Work was done in several iterations, corresponding with new releases, and in total, took about 6 months of active testing time. Here is what our team has achieved so far in this project:

• Introduced essential metrics to monitor bug statistics;
• Contributed to testing workflow and provided necessary pieces of documentation necessary to ensure quality and uninterrupted QA process;
• Optimized tests’ architecture to ensure analysis is made much faster and determine where the bug or test requires re-runs;
• Organized security, performance, usability, and regression testing;
• Made sure clients’ key extra functionality — “​​recurring investments” — works as expected, charging the planned amount at the right time;
• Checked accuracy of the following functions: trackers (for a top dozen most popular stocks), instant funding, multiple income streams, etc.;
• Ensured correct operation of the KYC client identification service, overcoming challenges that came with various previously unchecked IDs provided by the client to pass the verification;
• Analyzed end-to-end user path to ensure every step is intuitive, self-explanatory, answers customers’ expectations, and performs as planned by the developers.

Automation

Automized performance and security testing:

• Automated scan of production servers, ensuring seamless deployment to live environment;
• Performance (Load) testing with SoapUI Pro. Using this commercial extension helped us to ease many recurring tasks and save time.

Technologies

MobSF and Kali Linux were employed for security testing: 

• MobSF was used in the early stage of new release development to ensure more efficient debugging and increased cost efficiency;
• Kali Linux helped us gather, analyze and report vital information about the app’s vulnerabilities. Considering the sensitive nature of investors’ financial information, we had to make sure no potential attackers could extract any critical data.

Localization-related aspects

It was not our first time working with a client from GCC, and we were ready to adjust to the local working environment and requests.

Schedule. Specialists on the client’s side were available from Sunday to Thursday, with Friday and Saturday off. We were not required to follow the same program, but planned sliding shifts to ensure one of our engineers was available for emergencies on Sundays. 

Islamic stock filter. The Gulf region is a predominantly Islamic domain shared by Sunni and Shia Muslims. Sharia law traditions are strong, and following them is vital for most of our client’s customers. In the scope of our work, we were tasked to test additional Sharia-compliant stocks functionality. We also made UI suggestions for an improved depiction of compliant stocks to attract more conservative customers. 

• RestApi
• MobSF
• Kali Linux