Biometric sensors on mobile devices enable powerful functionality for mobile applications. Just a decade ago, being able to use fingerprints, voice input and other biometric data sources within applications remained mostly a dream. Today, it’s commonplace.
With this new functionality comes a challenge for QA teams: Biometric sensors and data must also be tested properly in order to ensure a quality mobile application user experience. If biometric data is not properly addressed by your DevOps team’s testing workflow, then performance, security or other problems stemming from biometric data sources could undercut the benefits of using biometric data in the first place.
This article explores some of the challenges for QA teams that biometric data creates within mobile applications and identifies strategies for addressing them through software testing.
Put simply, biometric data is any type of data that is based on the physical characteristics of a human being. (Some people might say that biometric data could be derived from any type of organism, but since today’s mobile devices focus on human-generated biometric data, we’ll limit the scope of this article to that context.)
Examples of biometric data that can be collected by many mobile devices today include:
Because biometric sensors like fingerprint readers are now so common on smartphones, it can be easy to forget just how novel the widespread use of this technology is. Fingerprint readers were introduced to the mainstream smartphone market only in 2013, when Apple debuted the iPhone 5S. And although mobile devices have been capable of using voice input for some time, it has only recently become common to use voice recognition for authentication purposes. Facial image recognition and iris scanning are even newer.
It’s worth noting, too, that we are only at the beginning of the biometric data revolution in mobile devices. Researchers are already working on sensors that can analyze blood, saliva and more with the help of a smartphone. Although such sensors currently function as peripheral devices that connect externally to the smartphone, it is likely only a matter of time before they become directly integrated into mobile devices.
The biometric revolution is exciting for mobile software developers. Biometric data creates innovative opportunities for authenticating users, personalizing interactions with software, and much more.
Yet the integration of biometric data into mobile applications also presents challenges for QA teams. They include the following.
Obtaining accurate software testing results prior to production requires having accurate real-world data to help drive pre-production tests. In general, QA teams can acquire non-biometric data for this purpose easily enough by taking samples of data from production environments and feeding it into test environments.
When you’re dealing with biometric data, however, this approach may not work. There may be compliance and ethics issues associated with collecting biometric data from real-world users and using the data for testing. In addition, if your biometric data sample size is too small, it may not accurately represent real-world conditions in all of their biological complexity and diversity. It’s easier to collect a representative sample of data about, say, Web traffic for testing purposes than it is to generate a representative collection of voice input.
In some situations, there may not be a perfect solution to this challenge. It simply may not be possible to collect enough reliable biometric data for pre-production testing. In that case, the best solution would be to build a continuous testing loop that ensures that problems associated with biometric data or sensors can be detected quickly in production, even if they are not caught by pre-production tests. Although in an ideal world, problems would never occur at all in production, it’s still better for your QA team to find out about a production problem quickly than to wait until users start complaining before the issue comes to light.
Because biometric data can often be associated with individuals, it raises major privacy and compliance issues. QA teams must work alongside security engineers, and perhaps also legal advisors, to ensure that mobile applications handle biometric data responsibly.
Beyond simply complying with regulatory requirements, it may be useful for QA teams to perform a form of usability testing with biometric data to determine which types of information users are comfortable having collected, and to ensure that users are able to opt out of biometric functionality when appropriate. This type of testing may not be the first that comes to mind when you think of usability, but from the user’s perspective, it’s crucial for ensuring a positive experience and avoiding complaints about spyware or privacy invasion by a mobile application.
As powerful as biometric data input may be, it can fail, like any other kind of input. To avoid mobile application performance and availability problems, it’s crucial for QA teams to ensure that backup input methods are available when biometric input fails.
In other words, if authentication via voice recognition or fingerprint scanning is not working, users should have another way to log into an application. If a phone’s camera temporarily stops working, the application should be able to continue accepting data, even if it normally relies on facial recognition to do so. In this case, the application might keep collecting data, but wait until the camera comes back online to process it.
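The fallback and deferred-processing behavior described above can be exercised with a scripted sensor test double. The following is an added example, not code from the original article; `FakeSensor`, `login`, `DeferredProcessor` and the passcode values are hypothetical names and constructed data, and the plain-text passcode comparison stands in for whatever credential check the real application uses.

```python
import hmac
from collections import deque

OK, NO_MATCH, UNAVAILABLE = "ok", "no_match", "unavailable"

class FakeSensor:
    """Test double: replays a scripted list of biometric read results."""
    def __init__(self, script):
        self.script = deque(script)

    def read(self):
        # An exhausted script models a sensor that has stopped responding.
        return self.script.popleft() if self.script else UNAVAILABLE

def login(sensor, passcode, expected_passcode, max_tries=3):
    """Return 'biometric', 'passcode' or None (access denied)."""
    for _ in range(max_tries):
        result = sensor.read()
        if result == OK:
            return "biometric"
        if result == UNAVAILABLE:
            break  # retrying a dead sensor only delays the fallback
    # Backup input method, reached after sensor failure or repeated mismatch.
    # Assumption: a real app would verify against a stored hash or OS credential.
    if passcode is not None and hmac.compare_digest(passcode, expected_passcode):
        return "passcode"
    return None

class DeferredProcessor:
    """Accepts input while the sensor is offline and processes it on recovery."""
    def __init__(self):
        self.online, self.pending, self.processed = True, deque(), []

    def submit(self, item):
        # Keep accepting data when offline; only the processing is deferred.
        (self.processed if self.online else self.pending).append(item)

    def set_online(self, online):
        self.online = online
        while self.online and self.pending:
            self.processed.append(self.pending.popleft())

def run_fallback_checks():
    """Constructed QA scenarios; returns the login outcome for each."""
    return {
        "retry_then_match": login(FakeSensor([NO_MATCH, OK]), None, "2468"),
        "sensor_down": login(FakeSensor([UNAVAILABLE]), "2468", "2468"),
        "mismatch_lockout": login(FakeSensor([NO_MATCH] * 5), "2468", "2468"),
        "all_fail": login(FakeSensor([]), "0000", "2468"),
    }
```

The `all_fail` scenario is the one to keep in any real suite: when both the sensor and the backup input fail, the flow must deny access and not default to success.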
One significant practical challenge that arises from biometric data in mobile devices is that, in contrast to other types of input, biometric input can be hard to mimic when you run tests on simulated or emulated mobile devices.
This is one reason why having real devices available for testing is so important in a biometric-driven world. Failing that, biometric data could still be fed to a mobile test environment running inside a simulator or emulator. At some point prior to the application’s release, however, testing on real hardware with real biometric input devices is still advisable, because feeding data into a simulated test environment artificially does not allow you to test all of the variables that are at play when biometric data is input directly via hardware.
Biometric data is creating exciting new opportunities for mobile developers and users. To take advantage of them, however, QA teams need to update testing workflows and strategies to ensure that mobile applications use biometric data reliably and securely. This demand will only grow greater as the use of biometric data by mobile applications increases, and as new types of biometric data input become widely available.
Chris Riley (@HoardingInfo) is a technologist who has spent 12 years helping organizations transition from traditional development practices to a modern set of culture, processes and tooling. In addition to being a research analyst, he is an O’Reilly author, regular speaker, and subject matter expert in the areas of DevOps strategy and culture. Chris believes the biggest challenges faced in the tech market are not tools, but rather people and planning.