To avoid additional mobile app testing challenges, production builds must only use production web services for the security of the developer and ultimately the end user. Builds hosted outside of these reputable production web services have the potential to be more vulnerable to security breaches. A 12-factor mobile app production build must not allow users to switch to a non-production backend environment at runtime. Hence, a production mobile app build is a binary difference from builds for other environments (Dev/QA/Staging). To mitigate some of the risks involved in this process, developers can tap the following techniques:
- Limit the differences between production and non-production app builds to a small number of compile-time configuration items (e.g., only switch backend endpoints).
- Use mobile app beta distribution channels (e.g., Apple TestFlight and Google Play Beta Channels) to make sure you are testing the same binary that will be released to the public app stores.