Mobile application developers write native code in a number of languages. Many developers also include third-party open source libraries or commercial SDKs for reasons such as performance, compression, analytics and advertising. On average, a given mobile application will include twelve to eighteen third-party SDKs. While the iOS and Android security models sandbox applications, there is no separation between an application and the third-party software embedded in it.
This means third-party SDKs have full access to your application's user information (e.g., PII/PHI), networking stack, permissions, and 100% of the data. In many cases, something as simple as not maintaining or updating third-party SDKs has led to the exploitation of vulnerabilities and, ultimately, of mobile application data. The security of third-party SDKs within your application is just as important as that of the native code.
Data Theorem’s App Secure Analyzer Engine continuously scans native code as well as third-party open source and commercial SDKs, providing visibility into the security issues and privacy flaws within them. The App Secure platform alerts developers with insights on every major SDK embedded in their mobile application and the security issues each one introduces.
Developers and security teams are given control over these third-party SDKs through recommendations such as updating libraries or using secure methods to call them. Your organization avoids the risk of these third-party SDKs impacting your brand.
Data Theorem helped RingCentral identify and close 30 security issues and remove 27 harmful third-party libraries, all before releasing them to the public app stores.