📊 Mobile App Testing Metrics: What Every Senior QA Engineer Should Track

In today’s mobile-first world, quality isn’t just about “does it work?” — it’s about performance, stability, and experience across thousands of devices and real-world conditions.

In this post, I’ll break down the essential mobile app testing metrics across both functional and non-functional categories, and share why each is critical for modern QA teams.

---

✅ Functional Testing Metrics (Ensuring the App Works as Expected)

Functional metrics validate how well your app delivers expected features. These metrics give you confidence that the app is ready for real users.

• Test Case Coverage: Helps you measure how much of the app’s core workflows are validated through test cases (manual or automated).

• Pass/Fail Rate: Tells you how stable the build is. A high failure rate signals instability or regression.

• Defect Density: Tracks how many bugs are found per feature or module. It’s useful for identifying hotspots or weak areas in the app.

• Bug Reopen Rate: Measures how often closed bugs reappear. A high reopen rate suggests incomplete fixes or misunderstood issues.

• Automation Coverage: Indicates what percentage of tests are automated. It helps identify areas that can benefit from automation for faster regression cycles.

• Crash Reproduction Rate: Reflects how reliably testers can reproduce reported crashes — critical for triaging user-submitted issues.

• Exploratory Testing Insights: Captures notes and findings from unscripted testing, often revealing usability issues and edge cases.

---

🚀 Non-Functional Testing Metrics (Ensuring the App is Fast, Stable, and Safe)

Non-functional testing metrics focus on performance, stability, and overall experience — factors that directly influence user retention and app ratings.

• App Start Time: Measures how long the app takes to open, especially after a cold launch. Anything over 2 seconds can degrade the user experience.

• Memory Usage & Leaks: Helps detect memory spikes or leaks that could lead to slowdowns or crashes, especially on low-end devices.

• Battery Consumption: Evaluates how the app affects device battery life — a key concern for mobile users.

• Crash & ANR Rate: Tracks how often the app crashes or becomes unresponsive. Tools like Firebase Crashlytics or Sentry can monitor this in real time.

• Network Performance: Focuses on how the app behaves under different network conditions (3G, 4G, offline, etc.). Includes API latency and error rates.

• App Size & Load Time: Larger apps take longer to install and may deter users from downloading. It’s also a factor in emerging markets with limited storage or data.

• Security Metrics: Includes how securely the app handles sensitive data (e.g., token storage, permission usage, SSL pinning).

• Push Notification Delivery Rate: Measures the reliability of push notifications, especially when the app is in background or killed state.

• Session Length & Retention Indicators: While often tracked by product teams, these are useful for QA when analyzing how app performance impacts user behavior.

---

🛠 Tools I Use to Track These Metrics

To track these metrics efficiently, I use a combination of industry-standard tools:

• Test execution & automation: TestRail, Zephyr, Xray, Allure

• Automation & CI/CD: Appium, Espresso, Detox, Jenkins, GitHub Actions

• Crash reporting & performance monitoring: Firebase Crashlytics, Sentry, New Relic

• Security scanning: OWASP Mobile Checklist, MobSF, Burp Suite

• User analytics & behavior: Mixpanel, PostHog, Google Analytics for Firebase

---

📈 Metrics I Include in QA Dashboards or Release Reports

When summarizing test results for stakeholders or leadership, I often include:

• The number of tests executed, passed, failed, or skipped

• Automation health (execution duration, flaky test rate)

• High-priority defect trends across sprints or builds

• Distribution of failures by device, OS version, or app module

• Crash-free session rates post-deployment

• Memory, startup time, and battery benchmarks over releases

---

🎯 Final Thoughts

Mobile testing isn’t just about clicking buttons—it’s about measuring what matters. The right metrics help QA teams move from reactive testers to proactive quality advocates. Whether you’re testing a fintech app in Singapore or a delivery platform in Indonesia, these metrics help you build confidence, ship faster, and improve user satisfaction at scale.

📱 Mobile App Testing: 10 Critical Test Scenarios You Can’t Miss (That Go Beyond Web UI Testing)

When it comes to testing mobile applications, the challenges go far beyond what typical web UI testing entails. Mobile apps must work flawlessly across a fragmented ecosystem of devices, screen sizes, OS versions, sensors, network conditions—and still deliver a high-performance experience. That’s why test engineers must design test cases that account for mobile-specific conditions that web-based apps don’t encounter.

In this post, we’ll break down the 10 critical mobile app test cases that every QA engineer should prioritize—and explain how they differ from traditional web UI testing.

---

✅ 1. Installation & Launch

Unlike web apps, mobile apps must be installed, upgraded, and uninstalled through OS-specific stores like Google Play or Apple App Store.

Test Cases:

• App installs/uninstalls cleanly on all supported devices.

• Launches successfully after a clean install or version upgrade.

• First-launch behavior (onboarding, permission prompts) works without failure.

---

🌐 2. Device & OS Compatibility

Mobile ecosystems are highly fragmented. You must ensure compatibility across OS versions, hardware specs, and screen dimensions.

Test Cases:

• Verify app functionality on Android 10–14 and iOS 14–17.

• Check responsiveness across tablets, foldables, and small-screen phones.

• Test on low-RAM or budget devices (to catch memory issues).

---

📶 3. Network Conditions

Mobile users are always switching between 5G, Wi-Fi, and even no network. Your app must handle this gracefully.

Test Cases:

• App behaves predictably with no internet or low bandwidth.

• Test auto-retries for failed API calls due to timeouts.

• Switching from Wi-Fi to mobile data mid-session doesn’t break functionality.

---

🔄 4. Background & Resume Behavior

A mobile app should maintain state and not crash when interrupted by a phone call or switching to another app.

Test Cases:

• App resumes gracefully from background state.

• Data entry is preserved when the user switches away and returns.

• Proper behavior after a cold restart or after device reboot.

---

🔋 5. Battery & Performance

Performance testing on mobile goes beyond responsiveness—it’s also about battery and resource consumption.

Test Cases:

• No excessive battery drain during idle or active use.

• Monitor CPU/memory usage over time (watch for leaks).

• Measure cold and warm start times.

---

🔐 6. Permission Handling

Mobile apps rely on permissions to access hardware features. You must test both granting and denying permissions.

Test Cases:

• App only requests necessary permissions.

• Behavior is graceful when permissions are denied or revoked.

• Scoped storage compliance (Android 11+) is in place.

---

🔔 7. Push Notifications

Push notifications are a core engagement channel and must work across all app states.

Test Cases:

• Push received when app is in background or killed.

• Tapping the notification leads to correct app screen.

• Notifications respect user opt-in/opt-out settings.

---

📲 8. Gestures & UI Flexibility

Mobile users interact via gestures and virtual keyboards, making UX more dynamic than web.

Test Cases:

• UI responds correctly to swipes, taps, long presses, and pinch-to-zoom.

• Keyboard overlays don’t hide important input fields.

• Smooth adaptation to dark mode, orientation changes (portrait ↔ landscape).

---

🔐 9. Security Testing

Security is non-negotiable, especially with personal data or financial transactions involved.

Test Cases:

• Secure storage for sensitive data (e.g., keystore/token vault).

• No sensitive logs left in logcat or crash logs.

• Behavior on rooted/jailbroken devices is safely restricted.

---

📊 10. Analytics & Store Compliance

Apps often embed SDKs for analytics and crash reporting, and must comply with store policies.

Test Cases:

• Verify Firebase, GA, or Crashlytics events are firing correctly.

• App follows Play Store / App Store policy (e.g., no deprecated APIs).

• Correct versioning and metadata shown in store listing.

  
  

  🧪 Final Thoughts

  If you’re only testing your mobile app like a web app, you’re missing half the picture. Mobile brings unique challenges and requires a deeper, device-aware test strategy. The 10 critical mobile test areas above should form the core of your test planning, especially for high-scale production apps used across a variety of devices and conditions.

🔧 Intercepting Android API Traffic with Burp Suite and a Rooted Emulator

Testing the security and behavior of Android apps often requires intercepting and analyzing API requests and responses. In this guide, we’ll walk through setting up an Android emulator to work with Burp Suite, enabling interception of HTTPS traffic and performing advanced manipulations like brute-force attacks.

⚠️ Requirements:

• Android Emulator (AVD)

• Root access (via Magisk)

• Burp Suite (Community or Professional Edition)

---

🛠 Step-by-Step Setup Guide

✅ 1. Install Burp Suite

• Download Burp Suite Community Edition (2023.6.2) from PortSwigger.

• Launch the app and navigate to:

  Proxy → Options → Proxy Listeners → Import/Export CA Certificate

✅ 2. Export and Install Burp CA Certificate

1. Export the CA Certificate in DER format and save it with a .crt extension.

2. Transfer this .crt file to your emulator (drag and drop works fine).

3. On the emulator:

   • Open Settings → Security → Encryption & Credentials

   • Tap Install from SD card

   • Choose the transferred certificate.

4. Confirm installation:

   • Go to Trusted Credentials → User and verify the certificate is listed.

---

🔓 3. Root the Emulator

To trust user-installed certificates at the system level (bypassing Android’s certificate pinning), you must root the emulator.

Tools You’ll Need:

• Magisk APK (v26.1 or later)

  👉 Download from Magisk Releases

• AlwaysTrustUserCerts.zip

  👉 Download from NVISOsecurity GitHub

• rootAVD tool

  👉 Download from rootAVD GitHub

Rooting Process:

1. Ensure your AVD is running before executing the root script.

2. Unzip rootAVD and run the following command in terminal:

./rootAVD.sh ~/Library/Android/sdk/system-images/android-33/google_apis/arm64-v8a/ramdisk.img

2. ✅ For Play Store-enabled AVDs, use google_apis_playstore in the path.

3. Your emulator will shut down automatically after patching.

---

⚙️ 4. Install Magisk & Trust Certificates

1. Restart your emulator and open the Magisk app.

2. Navigate to Modules → Install from Storage → Select AlwaysTrustUserCerts.zip

3. The emulator will restart again.

4. Verify the certificate now appears under System certificates, not just User.

---

🌐 5. Connect Emulator to Burp Suite

In Burp Suite:

1. Go to Proxy → Options → Add Listener

2. Choose an IP from the 172.x.x.x range.

3. Set port to 8080 and click OK.

On the Emulator:

1. Connect to Wi-Fi.

2. Long press the connected Wi-Fi → Modify Network → Proxy: Manual

3. Set:

   • Host: Burp Suite IP (e.g., 172.x.x.x)

   • Port: 8080

   • Save the changes.

---

🚀 6. Intercept Traffic

• Launch your Android debug app.

• Open HTTP History in Burp Suite to monitor incoming requests/responses.

---

🎯 Conclusion

You now have a fully configured Android emulator that allows you to:

• Intercept and inspect HTTPS API traffic

• Analyze request/response headers and payloads

• Perform manual or automated security tests (e.g., brute force attacks)

This setup is ideal for mobile QA, security testing, or reverse engineering Android applications in a safe, isolated environment.

---

💬 Feel free to bookmark or share this guide with fellow testers or developers diving into mobile app traffic inspection.

Happy hacking!

Android UI testing with Appium

Final product of Android application development are not Activities, Services, Fragments and Views but simultaneous work of all these pieces to produce system with certain functionalities. Customer and user are not interested in internal architecture of the mobile app but they want to ensure that app returns the correct UI output in response to user’s actions on device. Therefore, functional UI testing does not require testers to know details of implementation.

Manual testing has a lot of disadvantages: it can be time-consuming, tedious and error prone. Automated testing is more efficient and reliable. All you need to do is to write test cases to cover specific usage scenarios, and then run the test cases automatically and repeatedly by testing framework.

Inspiration

The most notable limitation in Android Instrumentation frameworks, including Robotium, is that it lets click throughout only on the application that is under testing. For example, if application opens the camera and tries to take a photo, the test ends with a fail.
This is because of a permission to perform a click from one application to another. It is related to Android’s security model. For example, the uiautomator does not have this limitation, it allows taking pictures in one application and enable access to change settings in second application.

Why Appium?

• Provides cross-platform solution for native and hybrid mobile automation i.e. Android and iOS.
• Allows you to communicate with other Android apps not only app under the test. For example, you can start another app from app under the test (for example, Camera app).
• You don’t have to re-compile your app or modify it in any way, due to use of standard automation APIs on all platforms.
• It is “black box”. You can test not only app developed by yourself but any *.apk installed on your phone or emulator. Internal implementation of the app is not limitation for testing (except some rules related to UI definition like defining content-description text).
• You can write tests with your favorite dev tools using any WebDriver compatible language such as Java, Objective-C, JavaScript with node.js, PHP, Ruby, Python, C#… All you need are Selenium WebDriver and language specific libraries.

How it works?

It supports a subset of the Selenium WebDriver JSON Wire Protocol, and extends it so that user can specify mobile targeted desired capabilities to run tests through Appium. Android support for Appium uses the UiAutomator framework for newer platforms and Selendroid for older Android patforms.

Example

My simple example is doing this:

1. Runs MainActivity which has a button with label “button1”.
2. Clicks on button1 which starts second Activity
3. Checks if second screen contains TextView with text “Activity2”
4. Clicks on “back” button
5. Checks if we are again on MainActivity

public class AppiumExampleTest { private WebDriver driver = null;   @Before public void setup() { File appDir = new File("..//TestedAndroidApp//bin//"); File app = new File(appDir, "TestedAndroidApp.apk");   DesiredCapabilities capabilities = new DesiredCapabilities(); capabilities.setCapability(CapabilityType.BROWSER_NAME, ""); capabilities.setCapability(CapabilityType.VERSION, "4.2"); capabilities.setCapability(CapabilityType.PLATFORM, "WINDOWS"); capabilities.setCapability(CapabilityConstants.DEVICE, "android"); capabilities.setCapability(CapabilityConstants.APP_PACKAGE, "com.example.android"); capabilities.setCapability(CapabilityConstants.APP_ACTIVITY, "MainActivity"); capabilities.setCapability(CapabilityConstants.APP, app.getAbsolutePath());   try { driver = new RemoteWebDriver(new URL("http://127.0.0.1:4723/wd/hub"), capabilities); } catch (MalformedURLException e) { e.printStackTrace(); }   driver.manage().timeouts().implicitlyWait(80, TimeUnit.SECONDS);   }   @Test public void appiumExampleTest() throws Exception { // find button with label or content-description "Button 1" WebElement button=driver.findElement(By.name("Button 1")); // click on button and start second Activity button.click();   // we are on second screen now // check if second screen contains TextView with text “Activity2” driver.findElement("Activity2");   // click back button HashMap<String, Integer> keycode = new HashMap<String, Integer>(); keycode.put("keycode", 4); ((JavascriptExecutor) driver).executeScript("mobile: keyevent", keycode);   // we are again in main activity driver.findElement(By.name("Button1")); }   @After public void tearDown() { if (driver != null) { driver.quit(); } }   }

As you can see in code example, we use WebDriver to find elements on UI. It is created in setup() method where we define a set of desired capabilities. When we find certain UI element we can perform some action on it like clicking or type some text in input field.

WebView testing

One feature that is lacking in uiautomator is not existing way to directly access Android objects (Views) and there is a limitation to handle WebView. Because there is not way to access WebView, testers can not inject JavaScript, which is clearly the easiest and the best way to handle those tests. Currently there is nothing testers could do inside WebView with uiautomator.
But Appium developers found solution for this limitation. As Appium has support for both, uiautomator and Selendroid, you can use Selendroid to test WebView. Here is simple example how to do that:

public class LoginTest { private WebDriver driver = null;   @Before public void setup() { File appDir = new File("..//TestedAndroidApp//bin//"); File app = new File(appDir, "TestedAndroidApp.apk");   DesiredCapabilities capabilities = new DesiredCapabilities(); capabilities.setCapability(CapabilityType.BROWSER_NAME, ""); capabilities.setCapability(CapabilityType.PLATFORM, "WINDOWS"); capabilities.setCapability("device", "selendroid"); capabilities.setCapability(CapabilityConstants.APP_PACKAGE, "com.example.android"); capabilities.setCapability(CapabilityConstants.APP_ACTIVITY, "LoginActivity"); capabilities.setCapability(CapabilityConstants.APP, app.getAbsolutePath());   try { driver = new RemoteWebDriver(new URL("http://127.0.0.1:4723/wd/hub"), capabilities); } catch (MalformedURLException e) { e.printStackTrace(); } driver.manage().timeouts().implicitlyWait(80, TimeUnit.SECONDS);   }   @Test public void loginTest() throws Exception { WebDriverWait wait = new WebDriverWait(driver, 10);   // this is important part. driver.switchTo().window("WEBVIEW");   // find user-name input field WebElement userNameInput = driver.findElement(By.id("input_user_name")); wait.until(ExpectedConditions.visibilityOf(userNameInput));   // type user-name in input field userNameInput.clear(); userNameInput.sendKeys("android1@example.com"); driver.findElement(By.name("password")).sendKeys("password");   // submit login form driver.findElement(By.name("login")).click();   WebElement confirmButton = driver.findElement(By.name("grant")); wait.until(ExpectedConditions.visibilityOf(confirmButton)); confirmButton.click();   // we are now logged in app and we proceed with native app driver.switchTo().window("NATIVE_APP");   // find button with label "button1". driver.findElement(By.name("button1")); }   @After public void tearDown() { driver.quit(); }   }

Backward compatibility

Appium supports all Android API levels but there is one limitation. As it uses uiatomator for tests running on API>=17, for older APIs you need to run tests using Selendroid.

Selendroid vs Appium

Selendroid and Appium are very similar:

• both use Selenium WebDriver
• both could be used for native, hybrid and mobile web apps
• both could run tests on emulator or real devices
• both are suitable for Cloud Based Testing

Selendroid, or “Selenium for Android”, is a test automation framework which drives off the UI of Android native and hybrid applications (apps) and the mobile web. As you can see from its name, it could be used only for Android which is not case with Appium (it supports iOS and FirefoxOS, too).
Selendroid has multiple Android target API support (10 to 19) and it has not limitation with WebView testing like Appium which uses uiautomator for API>=17.
UI elements locating is easier in Selendroid. In Selendroid you can find UI element by its id, class, name, xpath, link text, partial link text. Appium, for example, does not support elements locating by id (in layout *.xml file defined as “android:id=@+id/some_id”). It is because uiautomator does not support it for API less than 18. Elements locating by link text and partial link text is also not supported by Appium.
Selendroid has very useful tool called Selendroid Inspector which simplify UI elements locating. Perhaps Android SDK has uiautomatorviewer, Selendroid Inspector is more user-friendly.

Limitations

For recognizing UI elements, the Robotium is much more accurate because it lets tests to click on elements by their resource ID that provides a more accurate element identification. In addition to ID, the elements can be recognized by the content. Uiautomator has a general accessibility on labels, e.g. text, description… etc. But if there are more elements with the same text, there is need to add index for instance. And, if the UI changes dynamically, it might be a big problem. As uiautomator actually lets a test to click through device and text descriptions, such as “Settings”, can cause issues as there are “Settings” and “Option settings”. For this reason it is much harder to write an universal test in uiautomator.

Basically, you can easily find every View which has defined “contentDescription” attribute or which extends TextView class. If you have custom View, which does not extend TextView, it will be very hard to find it by test. Of course, there is an option to find view by xpath, but it is not trivial.

At a time when I was researching Appium I was not able to test screen orientation change or connectivity change. Also I did not find a way how to confirm AlertDialog in my tests. There were some proposals to use javascript methods for this but it did not work for me. Last thing which I was not able to test are auto-complete text suggestions. I did not find how to select one of suggestions.

Limited support for gestures: If your app uses only simple gestures, like tap, you could be fine. Appium allows you to write javascript wrappers to support different gestures. But you will probably spend a lot of time to write support for them.

Cloud Based Testing

Cloud testing is a form of software testing in which web applications use cloud computing environments (a “cloud”) to simulate real-world user traffic. It is interesting to me because Appium is suitable to run tests in cloud. For example, SauceLabs or testdroid provides services to run Appium tests on real devices or simulators. Of course, you need to pay for this but it has a lot advantages compared to tests run on local machine or jenkins. Simulators in Cloud are much faster than emulators running locally.

Conclusion

Appium is still young and I think that it need to grow more to cover all testing requirements and I hope it will. I like idea, especially that I can communicate with other apps on my phone while running the test for certain app which is limitation of Robotium, for example. Cloud Based Testing has a lot of advantages. For example, our tests often fail on Jenkins because it runs tests on emulators which are slow and unpredictable especially when you have wait-for-view conditions in your tests.