The weak and broken world of SDK Security.

An SDK is short for “Software Development Kit”. It simply means a library the app developer integrates to help them do something.

By definition, an SDK is other people’s code. This also means other people’s mistakes, security vulnerabilities and other people’s malicious intents.

SDK and SaaS (software-as-a-service) companies make a lot of promises with those SDKs: some promise to prevent fraud, others promise tamper protection, and others promise to use AI to protect you.

Those promises are beautiful, but the reality of the world is that mistakes, errors and vulnerabilities are a natural part of any technical product, regardless of the developer’s intentions. World-renowned computer scientist and creator of the fault-tolerant Erlang language, Joe Armstrong, repeats this point time and time again.

Listen to the Vikarious founder speak on the failures of the mobile ad industry to secure their SDKs, and the catastrophic ramifications and breach of trust this brought to billions of their clients.

What we Provide.

It is necessary to trust, and even more necessary to delegate, since no technical project is developed in isolation. But it is important to remember the rest of the old adage:

Trust, but Verify.

It’s our job to help you, the app developer, understand your attack vectors, reduce your blind spots, and have a complete and clear picture of your shortcomings before an attacker exploits them. We’ll run a detailed analysis of your dependencies and SDKs to understand and tell you what they really do, and advise you on finding alternatives or communicating with their vendors.

It is also our job to help you, the SDK developer, understand and mitigate your attack vectors and your users’ privacy concerns.