It’s 2015. Do you know what your SDKs are up to?

Vetting applications on mobile devices, whether enterprise-issued or employee-owned, is a key part of any security strategy, but a startup based in Herzliya, Israel wants to go a step further.

SafeDK recently launched with $2.25 million USD in seed funding. It’s growing its platform that allows to developers to rate and review software development kits (SDKs) for mobile applications, starting with the Android OS but with iOS capabilities already in development, said co-founder Orly Shoavi.

The platform enables developers to monitor real-time behavior of SDKs and notifies them of privacy, performance, and stability issues. More importantly, said Shoavi, it allows developers to simply turn off SDKs or certain functionality within an SDK without harming app stability, and enables them to update their apps’ new SDK configuration with a simple click, and without the need for version updates. It’s more than just a marketplace, she said. The goal of SafeDK is to support the entire value chain of mobile SDKs.

Everybody uses third-party SDKs, said Shoavi, and while some are open source, many are “black boxes” to a developer – they don’t know what’s inside. Even an excellent developer who follows the rules and writes great code can be affected by a bad SDK.

Bad SDKs introduce problems in two main domains, said Shoavi. The first area is privacy and security, were SDKs take over application permissions to get private data from users, accessing information such as locations, contacts and emails.

“Privacy leaks happen a lot,” she says. SDKs can be used to introduce malware to mobile devices and open backdoors to data that can be exploited.

The other way bad SDKs can affect mobile devices is through reducing quality of service, she said. There’s not always malicious intent but bugs can cause problems such as draining a battery too quickly. “It’s very frustrating for the app developers.”

An application can follow the rules, said Shoavi, but can end up losing users and even get removed from the Apple Store or Google Play because an SDK is causing problems, that’s why the ability to deactivate an SDK or a disable a feature in app is appealing. “It’s not all or nothing.”

For enterprises leveraging mobile apps, security and privacy are critical, and even conservative enterprises need to use SDKs, said Shoavi, and SafeDK provides some insurance. Each SDK in an app on a mobile device can be analyzed by IT, she said. “An application could have good reputation for the enterprise but could still have bad SDKs.”

While there are many tools that look at security and performance of mobile applications, Shoavi said not enough attention has been paid to SDKs, which are sometimes are intentionally created to be malicious and other times nothing more than poorly written code. “It happens.”

But even unintentionally bad SDKs can cause an app to lose functionality or open security holes that can allow external control of a mobile device. Shoavi said SafeDK wants to encourage developers to rate and review SDKs to help other developers and “turn every SDK into a SafeDK. We want to be a one-stop shop to find all bugs and issues.”

 

 

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Gary Hilson
Gary Hilson
Gary Hilson is a Toronto-based freelance writer who has written thousands of words for print and pixel in publications across North America. His areas of interest and expertise include software, enterprise and networking technology, memory systems, green energy, sustainable transportation, and research and education. His articles have been published by EE Times, SolarEnergy.Net, Network Computing, InformationWeek, Computing Canada, Computer Dealer News, Toronto Business Times and the Ottawa Citizen, among others.

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now