Open Source Software (OSS) & Commercial SDKs
Mobile apps, both iOS and Android, are built with native code (Objective-C, Swift, and Java); however, developers always include 3rd party open source libraries or commercial SDKs. On average, a given mobile app will include 12 to 18 open source libraries or commercial SDKs, ranging from performance, compression, and analytics to ads. While the iOS & Android security model sandboxes apps from one another, there is no separation for 3rd party software inside an app. Thus, any open source library and/or commercial SDK has full access to your app’s user information (PII/PHI), networking stack, permissions, and 100% of its data. More details on the problem are here.
Open Source/SDK Scanning
Data Theorem’s OSS/SDK scanning allows customers to scan 3rd party software for security issues and privacy flaws. Our platform will provide developers and security teams 100% visibility of every major SDK/library embedded in the app, and display any and all security/privacy issues introduced by the 3rd party software. The platform will give you visibility and control over the open-source software and commercial SDKs, helping you avoid embarrassment or compliance issues, since any security issue or privacy flap appears to the general public to come from your app (the embedded OSS/SDK is usually not obvious to the general public).