Pricing Request a Demo
Home / Permissions
Enjoy the best mobile SDKs news, tips & tricks, sent to you by mail

What Does the Upcoming GDPR Mean for Mobile Apps?

November 16, 2017 3:22 PM

Next May, Europe’s data protection rules will undergo a major overhaul. The existing Data Protection Act (DPA), will be replaced by the European Union’s (EU) General Data Protection Regulation (GDPR), a framework that will change how businesses and public sector organizations can handle customers’ personal data – with much tougher punishments for those who fail to abide by the new rules.

The GDPR is meant to unify data protection for all individuals within the EU, as well as address the export of personal data outside of Europe. It aims to return the control over personal data to European nationals and residents and to simplify the regulatory environment in which international business is conducted.

Once implemented, the new regulation will be binding of all companies processing and holding personal data of people residing in the European Union, regardless of the company’s location. This includes mobile apps. Businesses will have to prove they have made the necessary changes to protect user data, or face hefty fines for noncompliance – 20M Euros of 4% of their annual profit. What’s more, mobile apps found to be noncompliant run the risk of being banned from app stores; a risk no business should be willing to take.

Continue Reading

[Report] How Extensively Do 3rd Party Mobile SDKs Access Private User Information?

October 25, 2017 5:23 PM

Transparency of mobile SDK activity has been on our mission statement since day one. Our flagship product was based on the sole interest of providing app publishers with just such transparency over the 3rd party tools they’ve integrated into their app.

We’ve also been on the forefront of SDK usage data. We’ve been releasing quarterly reports for over a year now, detailing the state of the Android market by following usage trends, pointing out which up and coming SDKs are conquering the mobile world by storm and seeing how competing or complementary tools control their respective market shares.

Now, with growing user awareness and concerns about private data leaking to 3rd parties, as well as big conglomerates being sued for 3rd party violations, we’ve combined both transparency objects. Our latest report has an added section detailing what kinds of private user information mobile SDKs are trying to access. It is especially important for mobile apps with European users who must be prepared for the upcoming GDPR which will start to be enforced in May 2018, holding apps solely responsible for reading private user information without explicit consent, regardless if the action is made by the app itself or a third party tool it has integrated.

Looking at over 190,000 top mobile apps against a database of over 1,000 libraries, this is our most extensive and thorough report to date.

Main Highlights

Please note that we are sharing here a partial selection of the findings that are presented in the full report. To access the full report (download is free) click here.

Continue Reading

Enough with the Mobile SDK Mess: A New Technology Is Born

February 9, 2016 4:05 PM

SafeDK is presenting at MWC – Set a demo meeting!

In a previous blog post I’ve written (Mobile SDKs: Use with Caution), I mentioned the potential risks related with integrating Mobile SDKs into your mobile app. ‘SDKs’ as in these off-the-shelf 3rd party tools that app developers integrate into their mobile app for advertising, payment, analytics, social and many other functions. We all know that SDKs are a necessity in the mobile development process, but not all app publishers are aware of how these SDKs can affect the app’s performance, stability, battery consumption, security and privacy.

After going through an extensive analysis of a tens of thousands of apps and hundreds of different SDKs, we realized that there are 2 major domains of problems when using 3rd party SDKs. Both are crucial:

  • Security and Privacy – SDKs may contain viruses, malwares, backdoors or, most commonly, piggy-bag your app permissions to access your users’ private data.
  • User Experience – SDKs may contain bugs, consume a great deal of battery power and data, crash your app, slow down your app, and so forth.

During the last few months, we all read about major SDKs-related issues: apps that were banned from the stores because of a specific SDK that violated Apple or Google regulations, an ad-network SDK which  displayed ads that were  incompatible with the app’s ‘spirit’ (e-cigarette commercial in a kids app, someone?), marshmellow incompatibility of SDKs in an app that was supposed to be compatible… and the list goes on and on.

Basically, app developers must all ask themselves the following, ASAP:

Do I really know what’s going on with my app's SDKs? Can I really vouch for my app when I use so many 3rd party codes?

That’s exactly what led us to establish SafeDK. I focused my entire career on mobile development, and like everyone else, I constantly implemented SDKs the messy way… It took me a while, but I finally realized I was out of control, using so many SDKs. But I sure wasn’t going to work on all these SDKs’ functionalities in-house, so I created SafeDK to provide an optimal and elegant solution to this dilemma. This is simply what we say: Implement as many SDKs as you want, in order to create a wonderful app in the shortest time-to-market possible, but use SafeDK to maintain transparency and control over the SDKs code.

Continue Reading

6 New Year’s Resolutions for Mobile App Developers

December 31, 2015 4:16 PM

Welcome 2016! The new year is finally here.

For some, the Gregorian’s calendar birthday is an event worth celebrating as much (if not more so) than their own, while others may dismiss it as nothing more than a simple change of digits. But let’s admit something – when a new year arrives, it doesn’t go unnoticed. With everyone around rating the past year’s best and worst in numerous categories, I too find the occasional thought popping in, asking myself “what can I do different, better, from now on?”

So it got me thinking. I’ve been enthralled in the world of mobile development for quite some time now. I’ve seen things; I’ve done some; I’ve been around the mobile block.

Thinking of programming in general, and mobile programming in specific, I’ve gathered these 6 New Year’s resolutions that are not only how I wish to better myself, but also how I hope my fellow app developers are nicer to one another, code-wise.

Continue Reading

SafeDK: Giving Control Back to App Developers in an SDK-Fueled World

November 24, 2015 2:05 PM

Originally published in Medium on behalf of AWS.

SafeDK offers an In-App Protection solution and SDK Marketplace, putting mobile app security and quality back in the hands of app developers. How do we do that?

We’ve all heard of mobile Software Development Kits (SDKs). App developers integrate these off-the-shelf mobile services into their app for many purposes: advertising and payment, analytics and social, and many more. No doubt these SDKs are a great help in the development process, but they might cause various issues ranging from app slowdown and crashes to excessive battery consumption and malicious behavior.

SafeDK monitors the real-time behavior of mobile SDKs and reports privacy, performance, and stability issues. SafeDK also provides developers with remote control over the SDKs. With a simple click of a button, app developers can turn off an entire SDK or a specific SDK permission in real time, preventing a security breach or crucial bug, with no need to release a new version or wait for users to update.

In this post, I’ll share the story about how SafeDK came to be, discuss lessons learned, and explain how AWS has helped to make it all possible.

Continue Reading

5 Steps in Choosing the Right 3rd Party Tools (SDKs) for your Mobile App

November 11, 2015 1:44 PM

SDKs offer so much when it comes to developing a mobile app. As the mobile app industry has evolved, the amount of third party tools available has reached mind-melting numbers. This is both a blessing and a challenge for app developers.

Selecting those SDKs that are right for you is a skill. You don’t want to integrate too many SDKs, so you won’t lose control of your app entirely. You don’t want to be overly cautious and miss important capabilities in your app as well…

At SafeDK, we analyzed hundreds of thousands of apps and SDKs. We’ve talked to countless mobile app developers. We’ve established our SafeDK Marketplace, the one-stop-shop to find the best SDKs for you. This is why we can offer you the following tips to find the SDKs that best fit your needs. Define them, understand them and finally – find the right SDKs for you.

Continue Reading

Why Your SDKs May Get You Banned from Google Play, and How to Avoid It

October 7, 2015 6:33 PM

Did you know? Your SDKs can actually get you kicked out and banned from Google Play. Even the reliable ones. It’s not something we often think of, but it’s a thought we should always keep in mind…read on to find out how this may happen, what’s OK and what’s not, along with some things you can do to keep your app off the naughty list.

Getting banned from Google Play isn’t necessarily exclusive to bad guys. There’s no greater nightmare for app developers than losing Google Play’s trust and being banned. Still, the internet is loaded with stories and cautionary tales of app developers that have found themselves out of the game, left to wonder what went wrong.

Google play is updating its policy every now and then and adds more requirements / restrictions. Sure, I could just ask you to memorize the entire policy by heart, but sometimes the blame doesn’t lie with you, but with the SDKs you’ve integrated into your app. Here are some SDK-related violations that you should pay extra attention to:

Ads at the Wrong Time, In the Wrong Place

Google Play imposes some restrictions when it comes to user experience and ads. For example, There are some important rules when it comes to the how, when and where ads are displayed in your app. Users must be able to close them freely, quickly and at ease; They mustn’t be redirected to another site when they hit the desired X button; You’re not allowed to overlay messages or notifications over other apps either. Some monetization SDKs, however, are not exactly following these requirements.

Avoid the Google play banned list by having good ads UX

Ad displayed correctly.
Image source: android newbies

Continue Reading

Will Mobile SDKs Leave an Aftertaste for Android Marshmallow?

August 27, 2015 1:08 PM

After months of waiting, the official new Android SDK is here – Android 6.0 (better known as Android Marshmallow) has been officially released for developers. First unveiled last May at Google I/O 2015, Android Marshmallow introduced some great new features. One such feature is a new permissions model, called Runtime Permissions, and app developers are going to have to make the necessary adjustments to their apps to deal with this new model. But one very important thing they might not be aware of – the code of the 3rd party tools they are using: the SDKs.

Here at SafeDK we’re constantly thinking about them. How they improve the development process and boost apps on one hand, but are the subject of bugs and security breaches on the other. We’re constantly trying to mediate over that gap, putting a little more love and trust into “this love and hate relationship of app developers and SDK developers”, as our CEO Orly Shoavi puts it. So naturally when we heard of the new permissions model, we sighed “finally…” and then quickly came to think “but what about the SDKs?”

Let’s back up a moment and talk about this new permissions model. Android M (planned to be released around the end of Q3 2015) deprecates the concept of pre-approving a long list of permissions during app install, as well as the ‘take it or leave it’ deal apps and users have today. Starting with Android Marshmallow, users will have the ability to selectively choose which permissions to grant, and moreover will be able to revoke permissions in the Settings screen later on, much like in iOS. The app, on the other hand, will get the opportunity to explain why it requires specific permissions, and will no longer be able to rely on them being granted in advance – every single time an app wants to access some service guarded by a permission, it will have to ascertain it has that permission (and gracefully handle the scenario in which the user declines to grant it). Sounds like a big leap forwards for Android, wouldn’t you say?

Continue Reading

The Marshmallows Are Coming: New Permissions Model is Almost Here

August 19, 2015 7:35 PM

Earlier this week, Google ended months of speculations and announced Android M will be decorated with fluffs of Marshmallow. And with the big name revealed, the official version has been released and it’s time for app developers to make the necessary adjustments towards the new version, set to hit mobile devices late this fall.

What adjustments are those? Well, perhaps the biggest and most exciting one is the new permissions model.

Since its’ inception, Android has employed a then innovative permissions approach. Each sensitive component was wrapped with its’ own set of permissions and each application had to both inform the user of what it will access, as well as request his approval for such accesses. Sensitive data like user’s personal information or location, as well access to the user’s own files or phone records, were no longer done in secret behind the scenes. This was certainly a big important step up from the way things used to be (and still are) with computer applications.

However, Android’s permissions model also had a few stings:

  1. It bombarded the user upon app installation with the often long and daunting list of permissions.
  2. It was a package deal – an ‘all or nothing’ situation.
  3. It was an ever-growing mayhem – Many actions were split into several permissions (for instance, read vs. write) and as features and capabilities continued to grow, so did the complex permissions model.
  4. Android displayed its’ own description of the permissions, a description that sometime sounded scarier than it was for the casual user.

With Marshmallow, that’s all about to change. Let’s see what it’s all about…

Continue Reading

When SDKs Update: To Upgrade or Not To Upgrade

August 5, 2015 12:34 PM

SDKs are on the rise, there’s no denying that. They’re a great way for developers to work out the more common pieces of code often found in mobile applications. These SDKs are the kind that will make their product whole on one hand, but on the other won’t be what sets their solution apart from all the rest.

More and more SDKs are being developed, released and integrated into increasing number of apps. The benefits and services offered to app developers become more versatile and intriguing as time goes by. No matter how much you may dread putting someone else’s code inside your app, it’s getting harder and harder to resist these temptations. Especially when developing them yourself may be too expensive and time consuming.

But much like your own app, SDKs are always trying to better themselves by offering new features, fixing bugs or security risks, etc. Which may sound lovely at first, until you realize a service you’re dependent on has changed. And while change may be a positive thing, it can also break things. So what do you do when an SDK offers a new version? Do you automatically upgrade or do you approach it with much more caution, hoping the current version you use will still be supported in the foreseeable future?

Actually, there are no real guidelines. No easy “do’s and don’ts” list. App developers are left pretty much to rely on their gut reaction and their thorough testing. So let me offer you some food for thought when making these tough decisions.

Continue Reading