Author: Jimmy

Books I Want To Read in 2014

My current reading list for 2014:

Static Analysis for finding I18N Issues

Static analysis tools are useful for quickly identifying issues with your code. Recently, my team has been evaluating Globalyzer, a static analysis tool for finding software internationalization issues. Globalyzer will find such issues as hard coded strings, or hard coded date/time formats. Our aim is to move the discovery of I18N issues from the localization QA phase, upstream to the development phase.

My first impressions are good. Globalyzer is quick to setup, easy to use, and scans code unbelievably quickly. I’ve scanned a project with 350,000 lines of code in less than a minute.

The key to an effective rollout of Globalyzer is developing rule sets per product. Rule sets essentially define the scanning criteria for a code base. For example, for a C++ project, we would start with the built in rule set for C++. Then after an initial scan, we analyze the results, and we may want to update the rule set. For example, we may want to configure the rule set to ignore calls to any logging functions, since we don’t localize log messages.

I’m hoping that we get the following usage from Globalyzer:

  • Globalyzer should help us get involved earlier in the development cycle.
  • Lots has been written about Agile localization. Globalyzer should help us certify sprints as I18N ready, for later localization.
  • We should find any serious I18N issues early in the project – thus reducing fire-fighting later on.

Longer term, I’d like for us to look at integrating Globalyzer with our build systems. I’ll be posting here periodically on our progress, and my experiences with using static analysis tools to find code level internationalization issues.

Automate your Android App Testing Using Robotium

I like that it’s the time of the year when I actually have some time to invest in blogging here. Updates have been pretty sporadic this year (another item to add to my list of resolutions once 2013 hits in a few days).

In this post, I’d like to talk a little about Robotium, and how you can use it to automate the QA of your Android applications. Mobile applications are perfect for Quality Assurance automation – they are usually small, have limited functionality when compared with desktop applications, and are rarely complex in terms of testing steps. Also, if your a solo mobile developer, you may not have the time (or money) to invest in proper quality assurance of your applications.

We’ve been using a Robotium based solution written in Java at my day job for a while, to validate the quality of our localized product builds, both as a unit testing tool and as an actual test automation tool used by our QA team.

One of the main reasons why we chose to invest time in Robotium is the fact that it offers flexibility in terms of how it recognizes objects within your app (e.g. like it would have to in order to click a button). This is especially important for us, as we want to develop a solution once, and have it support multiple language versions of our application. We also looked at MonkeyRunner, which ships with the Android SDK. MonkeyRunner uses Jython (a Python implementation in Java) scripts to walk through applications.

I prefer Robotium as MonkeyRunner lacks the tight UI integration offered by Robotium, (although MonkeyRunner is much easier to setup and run).

When developing automated test scripts using Robotium, we can use the text from a UI object to identify that object at run-time, for example the label on a button. What we do is compile the localized resources from all our languages with our test application, so if we switch our device language to German for example, the resources from the ‘values-de’ folder are loaded by our test application, and thus we can add new languages to our automation solution simply by re-packaging the APK file containing our test automation scripts, and it will run on any of our supported locales without code modifications.

One of the disadvantages of this approach, (and almost all UI based test automation solutions to be fair), is that the maintenance may be high – for example, you will probably lose 90% of your code in a UI refresh.

Creating a Simple Robotium Automated Test Case

  • First off, download the latest version of Robotium, (3.6 at the time of writing).
  • Now simply create a new Android application in the IDE of your choice, I prefer NetBeans due to familiarity, but I know most people like Eclipse for Android development.
  • Add the Robotium JAR as a reference in your project.

For the purpose of this example, let’s say we want to click the ‘Cancel’ button in the below screen capture. As I mentioned above, our Robotium code uses the string ID’s to find objects (based on the current device language, we will look for the value of that string ID for that language if available, and use that to look for the object on the current screen).

MMS Image

Code (Finally!)


package com.jc.robotium

import android.app.Activity;
import android.test.ActivityInstrumentationTestCase2;
import com.jayway.android.robotium.solo.Solo;
import android.content.res.Resources;
import android.content.Context;
import java.util.Locale;

public class RobotiumExample extends ActivityInstrumentationTestCase2 // Provides functional testing of an activity
{
    private static final String TARGET_PACKAGE_ID = "com.yourcompany.yourapp";
    private static final String LAUNCHER_ACTIVITY_FULL_CLASSNAME = "com.yourcompany.yourapp.Activities.MainActivity";
    private static Class launcherActivityClass;
    
    private Solo solo;
    private Activity activity;
    private Resources res;
    private Context context;
   
    // This will launch the application specified above on the device
    static 
    {
        try
        {
            launcherActivityClass = Class.forName(LAUNCHER_ACTIVITY_FULL_CLASSNAME);
        }
        catch(ClassNotFoundException e)
        {
            throw new RuntimeException(e);
        }
    }
    
    public RobotiumExample() throws ClassNotFoundException
    {
        super(TARGET_PACKAGE_ID, launcherActivityClass);
    }
    
    @Override
    protected void setUp() throws Exception
    {
        activity = getActivity();
        solo = new Solo(getInstrumentation(), activity);
        context = getInstrumentation().getContext();
        res = context.getResources();
    }
    
    public void testUI() throws Throwable
    {
        // ....
		
	// Robotium code begins here
		
	// Wait for the 'Cancel' button
	solo.waitForText(res.getString(R.string.cancel));  
		
	// We may want to take a screen capture...
	solo.takeScreenshot();
		
	// Click the cancel button
	solo.clickOnText(res.getString(R.string.cancel)); 
	
	// ....

    }
    
    @Override
    protected void tearDown() throws Exception
    {
        try
        {
            solo.finalize();
        }
        catch(Throwable e)
        {
            // Catch this
        }
        getActivity().finish();
        super.tearDown();
    }

Notice a few things above:

  • We are extending the ActivityInstrumentationTestCase2 class, which provides us with the ability to run test methods on the UI thread.
  • The method that contains your test logic must be prefixed with ‘test’, notice mine is called testUI().
  • We could have looked for the ‘Cancel’ button by passing the text ‘Cancel’ to the waitForText() and clickOnText() methods, but that would only work on the English version of our product. Instead we use the string ID, and look up the value of that string ID based on the current device locale.
  • If you use the ‘takeScreenshot()’ method I have shown an example of above, screen captures will be saved in ‘/sdcard/Robotium-Screenshots/’ on your test device.

Running the Test

Compile the APK containing your test automation script and install it on your test device, along with the APK under test. One ‘gotcha’ here with Robotium is that the APK under test and the APK containing the test logic must be signed with the same certificate. This may not be the case if your APK under test comes out of a build system of some sort. You can use resign.jar to re-sign your APK under test with the same signature as your APK containing the test logic (by running it on the same machine on which you compiled the test APK).

Once both are installed on a test device, we can launch the test from a command prompt via adb:

adb shell am instrument -e class com.jc.robotium.RobotiumExample -w com.jc.robotium/android.test.InstrumentationTestRunner

Conclusion

Robotium is a good test framework for getting automation for Android applications up and running very quickly. It has an active community and updates are released regularly, the latest version (3.6 at time of writing), also seems to be a lot more stable than previous versions.

On the flip side, since we are relying on text resources (which may change frequently), the maintenance on Robotium based automation solutions can be high if your UI changes a lot, which is probably a high possibility for a mobile application.

If your looking for an automation framework for your Android application that you can get up and running quickly, and use to run scripts across an Android application supported in many languages, I would recommend Robotium, and will be keeping a close eye on it as it develops further.

Basic Software i18n Check List

Part of something my team is currently working on involves defining a standard approach to assessing the world-readiness of a piece of software, be it a brand new product or a legacy product that has existed for a long time.

If your codebase is not correctly internationalized, you will face many problems if you ever want to localize your application for another market.

Most of these are general items that could apply to any product on any platform, be a it a website or a mobile application.

Here’s my first draft of my list. This may help you if you are planning of localizing your application to sell in other markets.

Strings

  • Have all strings been externalized?
  • Have all strings been approved by someone who is a native English speaker?
  • Is there overuse of any abbreviations or acronyms, e.g. ‘App Info’?
  • Is there anywhere that you are concatenating strings together?
  • Punctuation is text too! Are you using any hard-coded punctuation marks (.,!?) these need to be externalized?
  • Have you identified all trademarks, tokens and other ‘special’ elements in your text and communicated to localisation that these shouldn’t be translated?
  • For mobile applications, is your text short enough to fit the potential small screen size of mobile devices? Consider string length expands generally 20% – 30% after translation. Some phrases expand by a lot more than 30%. Abbreviations and acronyms are the worst offenders here.
  • Try to keep resources that shouldn’t be translated separate from those that should.
  • Don’t embed HTML mark up in string resources.

Source Files

  • Source files are a standard file format – no need to invent new resource file formats. A standard resource file format will exist for the platform for which you are developing.
  • Source files are UNICODE.
  • You need to be able to generate your localizable file set in one step, it’s ideally handled by the build process.

General UI

  • Can input fields accept accented characters?
  • Can input fields accept double byte characters?
  • Is there room for buttons to expand if necessary?
  • Are there any UI elements like check boxes or radio buttons that are placed across the screen? It is better to place these vertically.
  • Try to put labels for controls above the control, rather than beside it.

Web Applications

  • Is server set up to send UTF-8 character set?
  • Are all buttons resizable?
  • Are there any mouse-over buttons with text in them?
  • Are other elements on the screen able to expand in size?
  • Are links to help and other user documentation appropriately localized?
  • For HTML based UI, never use absolute positioning.
  • NEVER use HTML tables to achieve layout.
  • Try to avoid using fixed widths with HTML layouts.
  • Don’t use the ‘align’ property to align items left or right.
  • Externalize CSS to a separate file – never use inline CSS.

Images

  • Is there text in any image?
  • Are there any images that depict hand, body or facial gestures? e.g, the thumbs up gesture is offensive in some cultures.
  • Are there any icons or images that are very specific to one region? e.g. an American type mailbox indicating an email.

SQL

  • Use the nvarchar type to store all text.
  • Can all insert and update statements handle unexpected apostrophes? (O’Sullivan, d’accord for example)?
  • Can all insert and update statements handle accented and double byte characters?
  • For MySql, ensure it was installed with UTF-8 as the default character set.

Numbers & Dates

  • Do any parts of your application format numbers using a thousand separator or a decimal point? If so the formatting string must be read from the OS.
  • Do any parts of your application format currencies? If so the formatting string must be read from the OS.
  • Does changing the application locale change all numbers appropriately?
  • Are all time and date formats read from the OS based on locale?
  • Does changing the application locale change all dates appropriately?

Regular Expressions

  • Do any regular expressions use the construct [a-zA-Z]? These are not safe from an i18n point of view.
  • Never use a regular expression to find a price, as the currency will be different for different languages.

Collation/Sorting

  • Do any parts of your application sort alphabetically? If so then they need to be tested for i18n awareness.

Beware – Ransomware

So this evening I was sitting at home when I get a panicked call from a friend in some distress. When he eventually explained what he was seeing on his computer screen at that moment, I immediately suspected a Ransomeware infection.

Ransomware, for those who have been living on the third moon of Jupiter for the last few years, is a type of malicious software that basically holds your PC for ransom. The user is prompted to pay a fee to ‘free’ their computer.

Having seen a few infections in the past, this was by far the most scary looking. I can image many naive users being fooled by this, especially I imagine older PC users.

See below for yourself – the reasons your PC has been ‘locked’ are quite serious – pirating content, or one to scare the life out of any user – the mention of your PC being used to view child pornography. What gives it even more sway is that the Garda (Irish police force) logo is displayed.

The designers has also used the ‘McAfee Secure’ logo – which is obviously to give the user a sense that this is legitimate – take it from me it’s not.

This screen prompts immediately after start up, and the designer has even gone as far to disable ALT-F4 and CTRL-ALT-DELETE, so you can’t exit the application, or kill the process from the Windows Task Manager.



The infection itself is quite simple to remove. After booting into safe mode and checking the usual places like the Windows folder I came across a suspiciously name folder in ‘C:\ProgramData’. It was a randomly named folder with a name like ‘ajklvnksnvsdfvfv’.

Inside, a 158mb HTML page, and all the necessary images, and CSS files etc. There was also an .exe in the root of the ‘C:\ProgramData’ folder, the name of which I can’t remember, but it was name similarly to the folder with the HTML file, images etc. (I didn’t have a USB key handy regretfully).

Deleting these files and folders removes the infection, so it doesn’t seem too complex in the methods it employs to evade detection.

Pass this on to any naive users you may know who could potentially see this infection – it may save them a lot of worry.