Helios is now part of Snyk! Read the full announcement here.

SANDBOX

SECURITY

OBSERVABILITY

LANGUAGES

USE CASES

RESOURCES

Replaying flows and troubleshooting issues in mobile app development using OpenTelemetry

Written by


Subscribe to our Blog

Get the Latest News and Content

Helios provides visibility into E2E iOS and Android app flows, so developers can solve issues quickly and easily

 

iOS and Android apps are often a common component of distributed applications, forming a key part of the software architecture. These mobile apps provide another way to access data and perform actions on various services, requiring tight integration between the apps and the components which serve the data and control it. Troubleshooting issues quickly is highly important here.

If you’re a mobile app developer, like all developers you’re likely coming across bugs or issues in your app which need troubleshooting. But the process of fixing these issues may be more difficult because you’re often blind to flows happening behind the scenes. Usually you focus on the mobile app while working against an API or a server which is maintained by other developers. What happens when something goes wrong? You could tell the server-side developer that something isn’t right, but they may come back to you and claim that the server has no problems at all, pointing to tests that are working properly. How do you get to the bottom of the problem?

 

Providing visibility into E2E mobile app flows with OTel

Enter Helios, a developer platform that provides insight into your end-to-end app flows by adapting OpenTelemetry (OTel) distributed tracing data. With Helios, you get visibility into traces, payloads, logs, metrics and errors so you can easily pinpoint issues in your app and fix them quickly. You can also reproduce and create test setup actions from calls made by a mobile app. Specifically, if a certain call causes an error and you proceed to fix it, the original call can be used to build a test which will protect your application and prevent the bug from reoccurring.

A mobile developer, whether working on iOS or Android, can use Helios to find the request that failed from the mobile app and share it as a full E2E trace with the backend developer to solve the problem. Helios is a convenient tool exactly for these moments when integration and collaboration is necessary – especially in these times of remote work.

 

Troubleshooting mobile app flows 

Let’s look at some examples. The first (and most classic) one is an authentication error. Sometimes we can experience authentication issues in our mobile app but the app itself will not reflect the reason for the error – whether our credentials are wrong, the token has expired or some special header is missing. Using Helios trace visualization we can easily see the request coming out from the mobile app and identify exactly what error the server has returned.

 

With trace visualization we can easily see the 401 authentication error from the server back to the mobile app

 

In this screenshot we see the request returned 401 and we can find the exact error – the token has expired. As mentioned above, authentication and authorization errors are usually not exposed to the client side (in this case – the mobile app) for security reasons and in most cases will only show up as a generic ‘unauthorized/request failed’ error. So using Helios, the developer can see exactly what was wrong with the request and understand what needs to be fixed on the mobile app.

Another scenario could be an error occurring deeper in the application. A mobile app can only show an error message returned by the endpoint which is called by the mobile app or even worse, not show anything at all. It could, for example, be a bad request downstream to a third-party product that failed, yet the distributed application continued with its flow.

 

A presumably successful E2E flow that actually did encounter an error along the way – but the mobile developer has no convenient way of knowing about it

 

In this screenshot we see a request to a third-party app which received a rate limit error – but the application flow continued without exposing any error to the mobile developer. Helios gives developers the power to visualize what really happens in their application and its integrations with third-party applications to quickly get to the bottom of why things unfolded the way they have.

 

Replaying mobile app flows

A third scenario which goes beyond just seeing what happens in your flows is the ability to replay or reproduce a flow. For example, if a developer wants to take an existing API call which comes out from the mobile app and replay it against the backend, they do not have to go back to the mobile app to reproduce it or ask the backend developer to give them a hand; Helios provides the option to take the call, change its parameters – from the URL to the payload being sent – and send it using a simple code snippet, cURL, Postman, or even using Helios with a special CLI tool.

 

Easily replaying a flow initiated from a mobile app while troubleshooting the E2E flow

 

Here we see a request where we tried to delete an item using our mobile app (see the user agent) but the server returned an error.
We use Helios to:

  1. See what exactly the server returned – we got a 404 error since the parameter contained a slash
  2. Replay the original call, which came out from the mobile device
  3. Modify the original request and send the right parameter
  4. Validate that the API supports this option of receiving an encoded parameter

 

Understanding your E2E mobile app flows for higher dev velocity

To recap, Helios allows you to see all calls from a mobile app to the backend servers, the interactions between services and other third-party applications, and much more. These capabilities help you understand flows in your application, find hidden underlying issues, and make your system more stable. Helios saves you precious development time, prevents headaches around debugging and adding excess logs for your code, and makes you more independent, without you needing to rely on teammates working on the services you are interacting with.

Subscribe to our Blog

Get the Latest News and Content

About Helios

Helios is an applied observability platform that produces actionable security and monitoring insights. We apply our deep runtime data collection capabilities to help Sec, Dev, and Ops teams understand the actual application risk posture, prioritize vulnerabilities, shorten troubleshooting time, and reduce MTTR.

The Author

Yaron Dinur
Yaron Dinur

Yaron is a senior software engineer at Helios, where he was one of the first employees. Previously, Yaron was a senior software engineer at Yotpo, an eCommerce marketing platform. Yaron has 10+ years of development experience in various engineering fields. He holds a B.Sc from Hebrew University in Computer Science and Cognitive Sciences and a M.A From Reichman University in Human Computer Interaction.

Related Content

Challenges of existing SCA tools
Challenges with Traditional SCA Tools
Application security testing tools are designed to ensure that applications are put through rigorous security assessments to identify security flaws within...
Read More
Banner for blog post - Scaling microservices - Challenges, best practices and tools
The Challenges of Collecting Runtime Data
Collecting data in real-time plays a crucial role in securing, monitoring, and troubleshooting applications. This real-time data, often referred to as...
Read More
Helios Runtime for Appsec
Helios Runtime for AppSec: The missing link in application security
Modern development teams increasingly rely on open-source packages to rapidly build and deploy applications. In fact, most, if not all applications consist...
Read More