A fast-growing digital bank relied on its mobile application for customer onboarding, account access, payments, transfers, account recovery, and card management.
With customers using a varied mix of Android and iOS devices, the bank needed stronger assurance that its most sensitive authentication journeys would perform consistently across supported devices, operating-system versions, and application states.
Fingerprint authentication, facial recognition, and one-time passwords secured key customer journeys, including account access, recovery, and sensitive transactions. The bank had automated many of the surrounding mobile workflows with Appium.
Biometric and OTP validation, however, still depended heavily on manual steps. Device access was limited, authentication behavior varied across operating systems, and OTP-based tests often stopped while testers retrieved and entered verification codes.
By introducing TestGrid’s Real Device Cloud into its mobile testing process, the bank expanded authentication coverage across Android and iOS, reduced regression time, and automated more OTP journeys from beginning to end.
The Challenge
The bank needed to validate authentication workflows across a growing range of Android and iOS devices. But its QA team faced several constraints:
- Biometric scenarios were tested on a small internal device collection. This limited coverage across Android manufacturers, iPhone models, and operating-system versions. System prompts, application permissions, session handling, and fallback behavior could differ between device combinations.
- OTP testing created another bottleneck. Testers often had to leave the banking application, open the device messaging interface, retrieve a verification code, return to the app, and enter the code manually. These interruptions prevented several authentication tests from running unattended.
- The team also needed to test negative and recovery scenarios, including rejected biometric authentication, user cancellation, incorrect OTPs, expired codes, resend limits, interrupted sessions, and fallback to PIN or password.
- Shared physical devices created further delays. Developers and testers competed for access during release validation, which restricted parallel execution and extended the time required to complete authentication regression.
Why the Existing Approach Fell Short
The bank used emulators and simulators during development. This approach worked for early functional testing. However, it didn’t provide enough coverage for authentication journeys that depended on real device and operating-system behavior.
Biometric and OTP workflows would get affected by system authentication prompts, application and messaging permissions, device keyboards, application switching, session state, and manufacturer-specific interfaces.
The bank needed broader access to real iOS and Android devices, greater parallel testing capacity, and a practical way to extend its existing Appium automation.
The TestGrid Implementation
The bank introduced TestGrid’s Real Device Cloud to expand authentication testing across selected Android and iOS devices.
Its QA team created a priority device matrix based on customer usage, operating-system adoption, authentication risk, and manufacturer coverage, then configured its existing Appium suites to run through TestGrid.
The implementation covered:
- Biometric-state validation: On supported Android devices running Android 13 or later, the team used TestGrid’s biometric bypass capability to test successful and failed authentication states. Across the wider Android and iOS matrix, automated application-flow checks were combined with controlled manual validation for:
- System prompts
- Session expiration
- Permission changes
- Authentication cancellation
- Fallback to PIN or password
- Recovery after an interrupted session
- Authentication after an application update
- OTP automation: Appium tests retrieved OTP messages, extracted the verification code, returned to the banking application, and entered the code automatically. This reduced manual intervention across login, device registration, account recovery, transaction authorization, incorrect-code handling, and repeated OTP requests.
- Backend-dependent scenarios: Expired-code and delayed-delivery tests were coordinated with backend services, test data, the messaging provider, and the test environment.
- Parallel regression: Authentication tests ran across multiple Android and iOS sessions during the same regression window, reducing delays caused by shared physical devices.
- Failure investigation: Logs, screenshots, videos, and device-session evidence helped the team determine whether a failure was linked to the application, device, operating system, message delivery, test data, locator, or session configuration.
The Results
Across the first three mobile release cycles, the bank reported:
- 3x increase in authentication coverage: The team expanded validation across more device, operating-system, biometric, OTP, fallback, and session combinations.
- 55% reduction in authentication regression time: Parallel execution and automated OTP entry shortened the time required to complete the agreed regression scope.
- 70% of priority OTP scenarios automated end to end: Most login, registration, recovery, and transaction-verification flows ran without manual code retrieval or entry.
- Earlier detection of authentication issues: The wider device matrix surfaced problems involving biometric fallback, system prompts, OTP entry, application switching, permissions, and session handling sooner.
- Fewer issues during UAT: Broader pre-release coverage allowed the team to resolve more login and verification defects before final validation.
- Reduced dependence on internal devices: TestGrid supported wider release testing while the bank retained its physical device collection for development and specialized scenarios.
“The biggest change was that authentication testing stopped being the part of the release we had to constantly monitor. OTP journeys could continue without someone waiting to retrieve a code, biometric behavior could be checked across a broader real-device matrix, and failures reached engineering with enough context to investigate immediately. We entered UAT with fewer unknowns and far greater confidence in the journeys customers depended on most.” — Head of Mobile Quality Engineering, Digital Bank
Test Digital Banking Authentication With TestGrid
Your mobile banking application must handle authentication consistently across devices, operating systems, application states, and customer journeys.
TestGrid gives your QA team access to real Android and iOS devices and supports Appium execution for biometric-state validation, OTP verification, transaction authentication, and related mobile workflows.
You can run authentication tests across multiple device combinations, automate OTP retrieval and entry through custom Appium workflows, and review execution evidence when failures occur.
Request a free trial to see how TestGrid can expand biometric and OTP test coverage for your digital banking application.