In a previous blog post (Mobile SDKs: Use with Caution), I mentioned the potential risks of integrating mobile SDKs into your mobile app. By ‘SDKs’ I mean the off-the-shelf 3rd party tools that app developers integrate into their mobile apps for advertising, payment, analytics, social and many other functions. We all know that SDKs are a necessity in the mobile development process, but not all app publishers are aware of how these SDKs can affect the app’s performance, stability, battery consumption, security and privacy.
After going through an extensive analysis of tens of thousands of apps and hundreds of different SDKs, we realized that there are 2 major domains of problems when using 3rd party SDKs. Both are crucial:
- Security and Privacy – SDKs may contain viruses, malware, backdoors or, most commonly, piggyback on your app’s permissions to access your users’ private data.
- User Experience – SDKs may contain bugs, consume a great deal of battery power and data, crash your app, slow down your app, and so forth.
During the last few months, we all read about major SDK-related issues: apps that were banned from the stores because of a specific SDK that violated Apple or Google regulations, an ad-network SDK which displayed ads that were incompatible with the app’s ‘spirit’ (e-cigarette commercial in a kids app, anyone?), Marshmallow incompatibility of SDKs in an app that was supposed to be compatible… and the list goes on and on.
Basically, app developers must all ask themselves the following, ASAP:
That’s exactly what led us to establish SafeDK. I focused my entire career on mobile development, and like everyone else, I constantly implemented SDKs the messy way… It took me a while, but I finally realized I was out of control, using so many SDKs. But I sure wasn’t going to work on all these SDKs’ functionalities in-house, so I created SafeDK to provide an optimal and elegant solution to this dilemma. This is simply what we say: Implement as many SDKs as you want, in order to create a wonderful app in the shortest time-to-market possible, but use SafeDK to maintain transparency and control over the SDKs’ code.
Consider SafeDK to be a companion throughout your entire mobile development journey: from finding the best SDKs for your app in the SafeDK Marketplace, through safe integration, to monitoring and controlling SDKs in real time (yes, in real time), once the app is already up & running using SafeDK In-App Protection.
In the next paragraphs I will discuss the Marketplace, our In-App Protection solutions, as well as the super-cool App X-Ray tool.
SafeDK Marketplace – The one-stop-shop for SDKs
To provide developers with the best, most comprehensive SDK information, we provide a marketplace which serves as the developer hub for SDKs. The marketplace brings the mobile developers’ community together to research, review, and discuss the latest SDKs. Each SDK receives ratings and reviews from developers, and at the same time developers gain the ability to engage in technical discussions on issues found in various SDKs. This one-stop-shop not only benefits mobile app developers, but also functions as a platform SDK developers can use in order to promote their products to the community.
SafeDK In-App Protection – Transparency and Control on the fly
To safeguard their apps and their users, developers simply need to integrate the SafeDK plug-in into their development environment, then upload the protected app to the store. From that point on, developers gain full transparency and control over their app’s security and quality, with the ability to view live SDK matters, as well as view statistics, turn permissions on and off, or remotely deactivate an entire SDK. No additional intervention is required on the developer’s end beyond the initial integration.
An immediate bonus is the optimization of SDK costs (e.g. immediately stop paying for superfluous data points) and the time-saving factor (where are the crashes coming from for god’s sake?!).
What makes SafeDK a crucial solution for developers is its ability to update their apps’ SDK configuration with a single click, with no version update needed. Once a developer makes changes in the SafeDK dashboard, these changes automatically propagate to all users across all devices. App developers that use SafeDK stay up-to-date on the latest matters in relation to the SDKs they utilize in their apps, and get real-time statistics and alerts, thus minimizing the length of time during which an app and its users are at risk.
Here’s a glimpse into SafeDK’s features, taken from actual apps’ dashboards:
Network Access Frequency and Latency of each SDK
Here, the app development team can not only review the number of HTTP requests, but their duration and latency as well. This transparent view allows the app developer to decide if the SDK’s behavior seems legit, or perhaps smells a bit fishy (could the SDK be gathering a lot of information on users, without your consent, thus increasing network usage?).
Here, the app development team can see the frequency of location accesses made by SDKs. Location is a very delicate issue: users aren’t too thrilled when apps constantly read their location, both in terms of privacy and in terms of battery consumption. App developers should keep in mind that users don’t know and don’t care that it’s not you, the app owner, but your SDKs that are doing this. The app will be held responsible, charged, and might even be sentenced to uninstall.
And then there’s the most painful of all spots – crashes. If you had only known this during development, you might not have deployed with SDKs that constantly crash your app. However, the enormous variety of devices and users out there can still sometimes sneak up on you. The SafeDK dashboard allows you to know how many and which SDKs are crashing your app. And, if you feel like the SDK isn’t worth all this bad rep you’re getting, well, you can simply turn it off. No need to worry about a new version, and when or if users will upgrade.
And there’s more.
Privacy Alerts on Suspicious SDKs:
If an SDK is trying to access your users’ private data by taking advantage of your app’s permissions, we provide alerts and encourage you to explore the reason for that. And if you don’t want to give up on this SDK, but are still not willing to accept this permission access, we also provide you with the option to deactivate the specific permission for this SDK. This is how it looks:
But wait! This was only the ‘monitor’ part. Remember: we promised to provide control over the SDKs as well…
Well, as mentioned above, once you find a crucial bug or malicious behavior in one of your SDKs, you can issue your SDK a red ticket and order it to stop right away. Simply switch the problematic SDK to “OFF” and you’re done. The SDK’s APIs will not be called anymore for any or all of your users, and the bug will be repaired with no need to upload a new version to the Play Store.
As we suggested in the Habits Ads case, SafeDK also provides granular control over SDKs’ permissions: you can turn on/off any permission to any SDK without harming the app’s stability. All these deactivations, which allow app publishers to control the SDKs in their app, are a unique, patent-pending SafeDK technology.
There’s also a special treat:
The SafeDK App X-Ray – Scan any app to find its SDKs
Our App X-Ray started as a marketing tool and very soon got a life of its own. It provides transparency over the SDKs integrated in any Android application. Simply type in the name of an Android application, and get the list of its SDKs. Use it for competition analysis, or for finding the right SDK for your app by comparing with other popular or similar apps. If you’re an SDK developer, come prepared to any sales meeting with app developers knowing, in advance, which of your competitors they are currently using (if any).
Be careful – it’s addictive!
There’s no doubt that SDKs are a great asset for app developers. It’s also a well-known fact by now that app quality, stability, and security might be compromised as a result of using other people’s code inside your own. Well, not anymore.
We would love to meet you at our MWC booth and show you a live demo on YOUR APP!