Home Mobile After GDPR Inspires Developers To Snip Unused SDKs, It’s Back To Biz As Usual

After GDPR Inspires Developers To Snip Unused SDKs, It’s Back To Biz As Usual

SHARE:

For many app publishers, the General Data Protection Regulation (GDPR) was an opportunity to examine each of their many SDK integrations and ask, “Does it spark joy?”

The answer, in many cases, was no: It sparks the potential for data leakage and compliance headaches.

In 2018, the number of unused SDKs – those that a publisher integrated but stopped using and never actually removed – dropped by 1.2, according to a SafeDK report released Monday that analyzes 190,000 top-charting apps in the Google Play store.

At the same time, the total number of SDK integrations held steady at an average of 18.

Put another way, publishers are working with more SDKs overall while also getting rid of “legacy SDKs that might have just been sitting there for ages not being called,” said Ronnie Sternberg, chief business officer and co-founder of SafeDK, an SDK management platform.

Even if an SDK is simply sitting within an app unused, the code could pose a silent security risk if it’s accessing data without the proper permissions.

App publishers use SDKs for a variety of wholly legit reasons, of course, including crash reporting, payments, advertising and attribution analytics. “But if you’re an app publisher, you’re accountable for all of the SDKs in your app,” Sternberg said.

That gives publishers a good reason to declutter their stacks, but it’s a task that often doesn’t make it very high on the to-do list unless a compliance challenge like GDPR looms on the horizon.

“It’s not difficult to clean up unused SDKs, but it’s also not a high priority for a lot of developers, because it’s more important to them to update their game than think about something like GDPR and how SDKs could make them vulnerable,” said Sagi Schliesser, CEO and founder of Israeli game studio TabTale.

TabTale is a fairly large company with roughly 250 employees spread across Tel Aviv, China and Eastern Europe, around 70 million monthly active users and the resources to tackle GDPR compliance. “Legal budgets increased twentyfold,” Schliesser said, only half joking.

But regardless of their size, developers must take precautions to protect themselves – and they are, Sternberg said.

Subscribe

AdExchanger Daily

Get our editors’ roundup delivered to your inbox every weekday.

In the months leading up to May 2018, which is when GDPR became the privacy law of the land across Europe, SafeDK, which helps app publishers monitor and manage their SDK partnerships, noticed a slowdown in SDK integrations while parties up and down the supply chain endeavored to get their ducks in a row.

“Developers are asking their SDKs what information they’re accessing and for what purpose,” Sternberg said. “If an SDK wants access to location or private user data, publishers are now asking why. They weren’t necessarily asking before and maybe didn’t even know to ask.”

But regardless of the obligation to comply with regulations, app publishers also have a moral obligation of sorts not to partner with less-than-savory third parties – despite the temptations.

Audiomack, a free, youth-focused music streaming app with 1.5 million daily active users, hundreds of thousands of whom are based in Europe, is regularly approached by companies with shady-sounding requests.

“They ask us to put SDKs in our app that track location in the background or ping beacons … they offer us a significant amount of money to do it – and we always turn them down,” said Dave Macli, Audiomack’s founder and a pre-Google DoubleClick vet. “But you also have to be careful with some of the ad networks that might try to track your users and not even tell you.”

People will willingly opt in to share location or other data points, however, if they are told why it’s wanted. The reasoning makes sense – and the data isn’t used for anything else. Audiomack asks its users to share location so they can see popular music in their area, and only 13% of users decline.

Most apps (58.6%) have at least one SDK accessing location-related information, unexpectedly up a smidge from 56% at the end of 2017 before GDPR went into effect, according to SafeDK’s research.

“It was definitely surprising to see that,” Sternberg said. “But, on the other hand, publishers are trying to give their users a tailored experience, and a lot of the time that has to do with location.”

Must Read

LiveRamp Outperforms On Earnings And Lays Out Its Data Network Ambitions

LiveRamp reported an unexpected boost to Q3 revenue, from $160 million last year to $185 million in 2024, during its quarterly call with investors on Wednesday.

Google in the antitrust crosshairs (Law concept. Single line draw design. Full length animation illustration. High quality 4k footage)

Google And The DOJ Recap Their Cases In The Countdown To Closing Arguments

If you’re trying to read more than 1,000 pages of legal documents about the US v. Google ad tech antitrust case on Election Day, you’ve come to the right place.

NYT’s Ad And Subscription Revenue Surge As WaPo Flails

While WaPo recently lost 250,000 subscribers due to concerns over its journalistic independence, NYT added 260,000 subscriptions in Q3 thanks largely to the popularity of its non-news offerings.

Privacy! Commerce! Connected TV! Read all about it. Subscribe to AdExchanger Newsletters
Mark Proulx, global director of media quality & responsibility, Kenvue

How Kenvue Avoided $3 Million In Wasted Media Spend

Stop thinking about brand safety verification as “insurance” – a way to avoid undesirable content – and start thinking about it as an opportunity to build positive brand associations, says Kenvue’s Mark Proulx.

Comic: Lunch Is Searched

Based On Its Q3 Earnings, Maybe AIphabet Should Just Change Its Name To AI-phabet

Google hit some impressive revenue benchmarks in Q3. But investors seemed to only have eyes for AI.

Reddit’s Ads Biz Exploded In Q3, Albeit From A Small Base

Ad revenue grew 56% YOY even without some of Reddit’s shiny new ad products, including generative AI creative tools and in-comment ads, being fully integrated into its platform.