Posted 13 Hours Ago Job ID: 2114935 28 quotes received

Mobile QA Engineer (Android & iOS)

Fixed Price: Under $250

  Send before: January 19, 2026


GroupsApp – A Social Networking Platform for Interest-Based Communities


Role Overview

We are seeking a detail-oriented Mobile QA Engineer to lead the quality assurance efforts for GroupsApp. You will be responsible for ensuring a seamless, bug-free experience for users looking to connect over shared interests. You will work closely with our India-based development team to identify, document, and verify fixes for issues ranging from UI glitches to complex real-time notification failures.


Key Responsibilities

1. Functional & Social Feature Testing

  • Core Workflows: Validate the end-to-end user journey: Sign-up/Login, Profile Creation, Group Discovery, Joining/Leaving Groups, and Posting (Text, Image, Video).

  • Real-Time Interactions: Test the reliability of push notifications, real-time chat, and live feed updates.

  • Edge Cases: Test "unhappy paths" like interrupted uploads, expired sessions, and account recovery.


2. UI/UX & Usability Testing

  • Visual Integrity: Ensure pixel-perfect implementation of designs across various screen sizes (e.g., iPhone 15 vs. SE; Samsung S24 vs. Pixel).

  • Responsiveness: Verify that transitions, animations, and gestures (swiping, long-pressing) are fluid and intuitive.

  • Accessibility: Check font scaling, dark mode transitions, and screen reader compatibility.


3. Compatibility & Performance Testing

  • OS Fragmentation: Test on multiple versions of iOS (16+) and Android (11+).

  • Network Stability: Evaluate app behavior under 3G, 4G, 5G, and intermittent Wi-Fi conditions.

  • Resource Usage: Monitor for excessive battery drain, memory leaks, and high data consumption during long sessions.


4. Security & Penetration Testing

1. Input Validation & Injection Attacks

  • XSS & Code Injection: Test for vulnerabilities where malicious scripts (JavaScript, HTML) can be injected into comment sections, group names, or user bios.

  • SQL Injection: Verify that user inputs (search bars, login fields) are sanitized to prevent unauthorized database queries.

  • File Upload Security: If the app allows image/video uploads, test if a "disguised" malicious file (e.g., a script renamed as .jpg) can be uploaded and executed.

2. Authentication & Session Management

  • Brute Force Protection: Verify that the app locks or throttles accounts after multiple failed login attempts.

  • Session Hijacking: Ensure that session tokens are securely handled and invalidated upon logout or after a period of inactivity.

  • IDOR (Insecure Direct Object Reference): Test if a user can access another user's private data or "private groups" by manually changing an ID in an API request.

3. Data Protection (At Rest & In Transit)

  • Man-in-the-Middle (MitM) Attacks: Use tools like Burp Suite or Charles Proxy to ensure that data sent to the server is encrypted via SSL/TLS and cannot be intercepted in plain text.

  • Insecure Local Storage: Check that sensitive information (like login tokens or personal chats) is not stored in plain text in the phone’s local cache or "SharedPreferences/UserDefaults."

4. Reverse Engineering & Binary Protection

  • Code Obfuscation: Verify that the app's code is obfuscated so it cannot be easily decompiled and read by hackers to find vulnerabilities.

  • Root/Jailbreak Detection: Test if the app can detect and/or restrict sensitive actions when running on a compromised (rooted or jailbroken) device.


5. Collaboration & Reporting

  • Bug Tracking: Document defects with clear "Steps to Reproduce," logs, and screen recordings using tools like Jira, Trello, or Asana.

  • Dev Team Sync: Communicate daily with the Indian development team to clarify bugs and verify hotfixes.


Required Skills & Qualifications

  • Experience: 3+ years in mobile application testing (iOS and Android).

  • Platforms: Deep familiarity with Apple App Store and Google Play Store guidelines.

  • Tools: Experience with Firebase Crashlytics, TestFlight, Google Play Console, and proxy tools like Charles Proxy or Postman (for API testing).

  • Communication: Fluent in English with the ability to explain technical issues clearly to remote developers.

  • Mindset: A "break-it" mentality—you enjoy finding the scenarios the developers didn't think of.

  • Security Standards: Familiarity with the OWASP Mobile Top 10 security risks.

  • Security Tools: Proficiency with OWASP ZAP, Burp Suite, or MobSF (Mobile Security Framework).

  • Testing Logic: Ability to perform manual "Penetration Testing" (thinking like a hacker to find logic flaws).




  • API Testing
  • Regression Testing
  • Load Testing
  • Application Security
  • Mobile Security
  • Vulnerability Assessment
  • Ethical Hacking
  • Security Testing
  • Penetration Testing
  • Functional Testing
  • Manual Testing
  • Testing & QA
  • Usability Testing
  • Android App
  • Mobile App Testing
  • iOS Apps


Fadi H Jordan