Your unreleased app sits on someone else's cloud for weeks
Test on a device cloud and your app binary, recordings, and logs sit on the vendor's servers for 30–400 days — by their own docs. How long, per vendor.

24 June 2026 · LAB · 2 min
To test your app on a public device cloud, you upload it. That sentence is the whole security review, and most teams skate past it. The app you uploaded — often an unreleased build — does not vanish when the test ends. It sits on the vendor's infrastructure, along with the video of it running and the logs it produced, for a documented period. Here's how long, according to each vendor's own docs.
The retention periods, by vendor
| Vendor | Uploaded app binary | Video / screenshots / logs |
|---|---|---|
| AWS Device Farm | 30 days | logs & video: 400 days |
| BrowserStack (App Automate) | (per plan) | video 30 days; screenshots & logs 60 days |
| Sauce Labs | (with assets) | videos, screenshots, logs: 30 days |
| Firebase Test Lab | (in results) | detailed results: 90 days |
None of these is a scandal. They're all documented, all defensible, and mostly there so you can actually go back and look at a failed run. The point isn't that any vendor is hiding something — it's the arithmetic most buyers never do: your unreleased binary and a screen recording of it running live on a third party's servers for somewhere between a month and well over a year.
AWS Device Farm is the most explicit, and worth reading closely because it's the most generous with time: uploaded applications are retained 30 days, but logs and video recordings are retained 400 days — and after that, the data is deleted, with AWS stating plainly that archiving anything you want to keep is your responsibility. So the recording of your pre-release app runs for over a year by default, and the cleanup is on you to think about.
Why this is the question a security review actually asks
For most teams none of this matters. For some it's the whole decision:
- A fintech app under data-localisation rules can't have its build and network traffic sitting in a vendor's region for 400 days.
- A broadcaster testing an unreleased streaming app — the thing competitors would most like to see early — has to account for a screen recording of it living on someone else's cloud for weeks.
- Any team whose security questionnaire has a "where does our data reside and for how long" line now has to fill it in with a number they don't control.
The honest framing is not "these vendors are careless." It's that using a public device cloud means your app and its artifacts leave your network and persist on someone else's, for a period they set — and that's a fact to weigh, not a footnote to skip.
The alternative that removes the question
There's a category of team for whom the cleanest answer is to not have the data leave at all. That's the bet RobusTest is built on: the devices, the control plane, and the storage all run inside your own network, so the app binary, the video, and the logs never sit on anyone else's infrastructure — there is no retention period to reason about, because nothing was uploaded anywhere.
If your security review has never asked how long your unreleased build lives on a vendor's cloud, it's worth asking once. The numbers above are the ones you'll get back, and for a surprising number of teams, the right number is zero.
- 1 AWS Device Farm — data protection & retention Uploaded applications 30 days; logs 400 days; video & other artifacts 400 days; then deleted — archiving is the customer's responsibility.
- 2 Sauce Labs — viewing test results (asset retention) Videos, screenshots, and logs retained for 30 days.
- 3 Firebase Test Lab — analyzing results Detailed results (logs, screenshots, videos) retained 90 days in a Cloud Storage bucket.
- 4 BrowserStack — App Automate (artifact retention) Video 30 days; screenshots and logs 60 days.
Run this in your own building.
RobusTest is a real device lab — phones, tablets and TVs — installed inside your network. Your devices, your data centre, nothing leaving the building.
Book a demo