Add your SDK
Home / SDK Economy
Enjoy the best mobile SDKs news, tips & tricks, sent to you by mail

Here’s How SDKs Ruin (or Build) Your Retention and the Actions You Should Take!

December 8, 2015 12:40 PM

I know you already know about the importance of retention. I bet you’ve had it with general retention articles. I know I have.  So excuse me for not covering the basics of the need to take care of the app’s UI, bug fixes, and performance of communication channels. Instead, I want to talk about retention from a different angle – 3rd party SDKs. Almost everyone uses them. But did you know they may have dramatic impact on your retention, good or bad?

Most SDKs are there to help us, in the app business. And they do. Still, sometimes, 3rd party SDKs can actually damage your user retention. Hearing feedback from many app developers using SDKs, I have identified the three main weakness points of SDKs and user retention – Permission pitfalls, performance problems and UX issues. Fortunately, there are ways around each of these.

Continue Reading

SafeDK: Giving Control Back to App Developers in an SDK-Fueled World

November 24, 2015 2:05 PM

Originally published in Medium on behalf of AWS.

SafeDK offers an In-App Protection solution and SDK Marketplace, putting mobile app security and quality back in the hands of app developers. How do we do that?

We’ve all heard of mobile Software Development Kits (SDKs). App developers integrate these off-the-shelf mobile services into their app for many purposes: advertising and payment, analytics and social, and many more. No doubt these SDKs are a great help in the development process, but they might cause various issues ranging from app slowdown and crashes to excessive battery consumption and malicious behavior.

SafeDK monitors the real-time behavior of mobile SDKs and reports privacy, performance, and stability issues. SafeDK also provides developers with remote control over the SDKs. With a simple click of a button, app developers can turn off an entire SDK or a specific SDK permission in real time, preventing a security breach or crucial bug, with no need to release a new version or wait for users to update.

In this post, I’ll share the story about how SafeDK came to be, discuss lessons learned, and explain how AWS has helped to make it all possible.

Continue Reading

5 Steps in Choosing the Right 3rd Party Tools (SDKs) for your Mobile App

November 11, 2015 1:44 PM

SDKs offer so much when it comes to developing a mobile app. As the mobile app industry has evolved, the amount of third party tools available has reached mind-melting numbers. This is both a blessing and a challenge for app developers.

Selecting those SDKs that are right for you is a skill. You don’t want to integrate too many SDKs, so you won’t lose control of your app entirely. You don’t want to be overly cautious and miss important capabilities in your app as well…

At SafeDK, we analyzed hundreds of thousands of apps and SDKs. We’ve talked to countless mobile app developers. We’ve established our SafeDK Marketplace, the one-stop-shop to find the best SDKs for you. This is why we can offer you the following tips to find the SDKs that best fit your needs. Define them, understand them and finally – find the right SDKs for you.

Continue Reading

Do You Know What your SDKs did Last Summer?

October 26, 2015 1:27 PM

Mobile SDKs, these 3rd party tools used in mobile apps, seem to be all over the news lately. And not in a good way. First, 250 apps were banned from the App Store due to an SDK they used that stole private user data. Then, 18,000 Android apps were found to be integrated with an SDK that stole users’ text messages (SMS).

This makes one thing crystal clear: use 3rd party SDKs with great caution and safety measures.

At SafeDK we constantly hear mobile app developers express their concerns about using SDKs on one hand, but we see that SDK usage continues to rise on the other. The same developers that share their unfortunate experiences and cautionary tales then turn around and use a few more without any safety measurements.

Don’t get us wrong, SDKs are a necessity, a fact of modern life. Love them or hate them, mobile app developers just can’t live without them. And the swiftness with which they make apps much more versatile is probably the reason for that.

But still, as an app developer you must constantly be on alert. The wrong SDK might be the end of your app and all your hard work and effort. Don’t think it can happen to you? Well, neither did the 250 iOS apps and the 18,000 Android apps that found themselves breached this past week!

Continue Reading

Why Your SDKs May Get You Banned from Google Play, and How to Avoid It

October 7, 2015 6:33 PM

Did you know? Your SDKs can actually get you kicked out and banned from Google Play. Even the reliable ones. It’s not something we often think of, but it’s a thought we should always keep in mind…read on to find out how this may happen, what’s OK and what’s not, along with some things you can do to keep your app off the naughty list.

Getting banned from Google Play isn’t necessarily exclusive to bad guys. There’s no greater nightmare for app developers than losing Google Play’s trust and being banned. Still, the internet is loaded with stories and cautionary tales of app developers that have found themselves out of the game, left to wonder what went wrong.

Google play is updating its policy every now and then and adds more requirements / restrictions. Sure, I could just ask you to memorize the entire policy by heart, but sometimes the blame doesn’t lie with you, but with the SDKs you’ve integrated into your app. Here are some SDK-related violations that you should pay extra attention to:

Ads at the Wrong Time, In the Wrong Place

Google Play imposes some restrictions when it comes to user experience and ads. For example, There are some important rules when it comes to the how, when and where ads are displayed in your app. Users must be able to close them freely, quickly and at ease; They mustn’t be redirected to another site when they hit the desired X button; You’re not allowed to overlay messages or notifications over other apps either. Some monetization SDKs, however, are not exactly following these requirements.

Avoid the Google play banned list by having good ads UX

Ad displayed correctly.
Image source: android newbies

Continue Reading

Will Mobile SDKs Leave an Aftertaste for Android Marshmallow?

August 27, 2015 1:08 PM

After months of waiting, the official new Android SDK is here – Android 6.0 (better known as Android Marshmallow) has been officially released for developers. First unveiled last May at Google I/O 2015, Android Marshmallow introduced some great new features. One such feature is a new permissions model, called Runtime Permissions, and app developers are going to have to make the necessary adjustments to their apps to deal with this new model. But one very important thing they might not be aware of – the code of the 3rd party tools they are using: the SDKs.

Here at SafeDK we’re constantly thinking about them. How they improve the development process and boost apps on one hand, but are the subject of bugs and security breaches on the other. We’re constantly trying to mediate over that gap, putting a little more love and trust into “this love and hate relationship of app developers and SDK developers”, as our CEO Orly Shoavi puts it. So naturally when we heard of the new permissions model, we sighed “finally…” and then quickly came to think “but what about the SDKs?”

Let’s back up a moment and talk about this new permissions model. Android M (planned to be released around the end of Q3 2015) deprecates the concept of pre-approving a long list of permissions during app install, as well as the ‘take it or leave it’ deal apps and users have today. Starting with Android Marshmallow, users will have the ability to selectively choose which permissions to grant, and moreover will be able to revoke permissions in the Settings screen later on, much like in iOS. The app, on the other hand, will get the opportunity to explain why it requires specific permissions, and will no longer be able to rely on them being granted in advance – every single time an app wants to access some service guarded by a permission, it will have to ascertain it has that permission (and gracefully handle the scenario in which the user declines to grant it). Sounds like a big leap forwards for Android, wouldn’t you say?

Continue Reading

When SDKs Update: To Upgrade or Not To Upgrade

August 5, 2015 12:34 PM

SDKs are on the rise, there’s no denying that. They’re a great way for developers to work out the more common pieces of code often found in mobile applications. These SDKs are the kind that will make their product whole on one hand, but on the other won’t be what sets their solution apart from all the rest.

More and more SDKs are being developed, released and integrated into increasing number of apps. The benefits and services offered to app developers become more versatile and intriguing as time goes by. No matter how much you may dread putting someone else’s code inside your app, it’s getting harder and harder to resist these temptations. Especially when developing them yourself may be too expensive and time consuming.

But much like your own app, SDKs are always trying to better themselves by offering new features, fixing bugs or security risks, etc. Which may sound lovely at first, until you realize a service you’re dependent on has changed. And while change may be a positive thing, it can also break things. So what do you do when an SDK offers a new version? Do you automatically upgrade or do you approach it with much more caution, hoping the current version you use will still be supported in the foreseeable future?

Actually, there are no real guidelines. No easy “do’s and don’ts” list. App developers are left pretty much to rely on their gut reaction and their thorough testing. So let me offer you some food for thought when making these tough decisions.

Continue Reading

Mobile SDKs: Use with Caution

July 22, 2015 11:19 AM

We’ve all heard of mobile SDKs. These off-the-shelf mobile services, which app developers integrate in your app for many purposes: advertising and payment, analytics and social, and many many more. No doubt these SDKs are a great help in your development process. They often offer unique functionalities, simplify your coding and save you precious time and money. It’s not a surprise that the 1,000 most popular apps contain on average 15 SDKs.

But SDKs are not really your code. It is actually someone else’s code interleaved with your own, yet you are liable for it. You are responsible for it in the eyes of Apple, Google and most importantly – your users. Why is this a problem? Well, in this post, I’ll explain two major domains of risk when using SDKs, and spice it up with a few real-life stories.

1. Security, Privacy and Compliance

The dark side of app permissions

Once hosted in the application, the SDK is part of the application code and can access any user data that the application was granted access to. If the app can access users’ location, contacts or private files, so does each and every SDK in the app.

We often see Android SDKs containing code similar to this:

if (context.checkCallingOrSelfPermission(“android.permission.ACCESS_FINE_LOCATION”)
              == PackageManager.PERMISSION_GRANTED) {
     Location userLocalLocation =
                localLocationManager.getLastKnownLocation("gps");
}

The SDK simply checks if the app was granted a permission to access the user’s location, and if so it takes advantage of it and accesses the GPS as well. We can often see that SDKs send this information to external servers.

Let this be a cautionary tale to all you folks integrating SDKs: what the SDK doesn’t tell you may hurt you. In the case above, the SDK could simply not declare using the Location permission and only exploit it should your app have it. All might be done behind the scenes, and worse – behind your back and on your watch.

Continue Reading