Freel beta smoke test - Performance, Security and UX testing
Date: 26 Feb 2018
Author: Alexey S
Freel Beta [Malaysia only] Report
Devices
Google Pixel XL 2, Android 8.1.0; Samsung Galaxy Note 4, Android 6.0.1
This is an app for freelancers. It is available only in Malaysia for now and it requires a Malaysian phone number for registration. The user can create jobs and respond to them. I liked the idea and some parts of the app. It has a good-looking login page. It is definitely worth trying. The freelance market is usually competitive and this app could be an additional source of income. It could be especially valuable at the beginning, when the app has just been released and doesn't have a lot of workers, so you can easily get your first orders.
I had an idea to start with stress testing first, but it was not very effective here. Most of the stress test actions are clicks on the loading screen.
Continuing with functional and UX tests, I noticed two major issues, which I would like to specify in the summary. I listed a couple of critical bugs below.
- [Medium] Basket icon counter is not in sync in the main fragment and in the app drawer when there are more than 0 items. Screen.
- [Critical] Sensitive data is exposed to the Android logcat and sent over the insecure HTTP protocol. I do understand that it may be just for testing purposes, but it is still good to note. 1. User email and hashed password are exposed in a plain format. 2. Images are served via the insecure HTTP protocol, like http://app.freel.asia/upload/member/25022018043430406277.jpeg. The protocol scheme should be switched to HTTPS, and response content should be removed from logs. Personal data like username and email should be encrypted. It is always better to use auth tokens + expiring sessions instead of sending all user data each time over the network. All those issues could be easily exploited by hackers.
- [Critical] The app sends the user password in a plain format during the login request. A password should be encrypted.
- [High] It looks like there is no API request caching in place. The application requests the same data from the server each time. It affects performance a lot. I have a high ping due to the big distance to the server, and opening most of the app tabs takes 4-7 seconds. Users with a low internet speed will have the same issues. However, those users might be a target audience for such an application. There are a lot of people who want to earn money by doing gigs on their mobile phone, and it is a common case that they own low-end devices. Caching / storing data on the device might improve performance a lot.
- [Low] App drawer icon text is gray and does not have much contrast. Menu items look like they are disabled. Screen.
- [High] App crashed after opening and closing Mobpay with the back button. Happens every time. Logcat #1.
- [High] App crashed after opening Main activity screen after the previous app crash. Happens every time. Logcat #2.
- [High] App crashes in the background during usage without internet. A high error rate affects ranking in Google Play and may have a negative impact. Logcat #3.
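A check for the logcat finding above can be automated so that it is repeated on every build. The script below is an added example, not part of the original report or of the app's code: it scans a logcat dump in threadtime format for e-mail addresses, password fields, digest-length hex strings and cleartext http:// URLs. The sample log lines, tag names and the example.invalid host are constructed; only the image URL comes from the report.

```python
import re

# logcat "threadtime" layout: date time pid tid level tag: message
LOGCAT_RE = re.compile(
    r"^(\d\d-\d\d) (\d\d:\d\d:\d\d\.\d+)\s+(\d+)\s+(\d+) ([VDIWEF]) (.*?)\s*: (.*)$")

# Finding name -> pattern applied to the message part of each log line.
RULES = {
    "email": re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}"),
    # "password":"..." in JSON or password=... in a form body
    "password_field": re.compile(
        r"""(?<![A-Za-z])pass(?:word|wd)?["']?\s*[:=]\s*["']?[^"'&\s,}]+""", re.I),
    # bare hex strings as long as an MD5, SHA-1 or SHA-256 digest
    "hash_like": re.compile(r"\b(?:[0-9a-fA-F]{32}|[0-9a-fA-F]{40}|[0-9a-fA-F]{64})\b"),
    "cleartext_url": re.compile(r"\bhttp://[^\s\"'<>]+", re.I),
}

def redact(value, keep=4):
    """Mask all but the first characters so the report does not repeat the leak."""
    return value[:keep] + "*" * max(len(value) - keep, 0)

def scan_logcat(text):
    """Return (line_no, tag, finding, excerpt) for every rule hit in a logcat dump."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        m = LOGCAT_RE.match(line)
        # Lines that are not in threadtime format are still scanned as a whole.
        tag, msg = (m.group(6), m.group(7)) if m else ("?", line)
        for name, rule in RULES.items():
            for hit in rule.finditer(msg):
                value = hit.group(0)
                findings.append(
                    (no, tag, name, value if name == "cleartext_url" else redact(value)))
    return findings

# Constructed sample; only the image URL is taken from the report.
SAMPLE = """\
02-26 10:15:32.101  4021  4055 D ApiClient: POST http://api.example.invalid/login password=hunter2
02-26 10:15:32.480  4021  4055 D ApiClient: {"email":"user@example.com","password":"0123456789abcdef0123456789abcdef"}
02-26 10:15:33.007  4021  4021 I ImageLoader: GET http://app.freel.asia/upload/member/25022018043430406277.jpeg
02-26 10:15:33.950  4021  4021 I MainActivity: onResume
"""

if __name__ == "__main__":
    for no, tag, name, excerpt in scan_logcat(SAMPLE):
        print(f"line {no} [{tag}] {name}: {excerpt}")
```

Feeding it the text saved from `adb logcat -d -v threadtime` for a release build should produce no findings; any hit points at a log statement or endpoint to fix.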
I would like to address two major issues here:
- There are some client-server architecture problems. This app relies a lot on the backend, while many business logic parts could be cached/moved to the client side. This leads to the performance/security/stability issues listed above.
- There are some UX problems. Any freelancer platform is a marketplace, which means that it has two sides - b2b and b2c (freelancers as a business and job creators as customers). After using this app for a while, I still don't have a clear understanding of whether I can post jobs and apply for them as a freelancer at the same time - there is no clear separation between freelancer UX and customer UX. Different features for both groups are mixed together. I would prefer to have a switch between "View as a seller" and "View as a buyer" and have a different set of features in each of them (it is done like this in the Fiverr Android app). Alternatively, those features could be separated via the UI. From my perspective, it would be a core UI issue which I would try to address before release, because it should significantly improve usability.
I also didn't cover a lot of functionality and corner cases (I just checked them briefly) but I hope that those bug reports will help.
Happy Testing!