Some time ago, Ergouzi's circle of friends was flooded with the Ministry of Industry and Information Technology's "Notice on Removing Apps That Infringe Users' Rights and Interests". The announcement said 90 apps will be removed if they fail to comply with the requirements. The 90 apps cover education, gaming, security, news and many other fields across the country. At the same time, the notice said that five companies had repeatedly shown similar problems in different versions of their apps, including illegal collection of personal information, forcing users to use the targeted push function, frequent and excessive coercion, and tricking users into downloading. The Ministry of Industry and Information Technology said that, in accordance with the law, the violations will be stopped and the apps will be removed from the shelves directly.

After seeing this announcement, out of an onlooker's curiosity, Ergouzi looked up the five companies and found that they had issued responses, saying that after investigation the platform found that the problem lay mainly in third-party SDKs and similar components.

In fact, the illegal use of mobile phone information by this kind of third-party SDK plug-in was exposed by CCTV as early as the 315 Gala in 2020, and news of this kind still appears often on the Internet.

So why is the SDK so dangerous, and why do software vendors use it so often? To talk about the SDK, though, we first have to talk about the API.

The emergence of the API

If you want to understand the API in more detail, you can read "vernacular science, 10s to understand the API"; here is just a brief introduction.

The full name of API is Application Programming Interface. Generally, it refers to a set of open methods predefined by a service vendor. These methods correspond directly to the vendor's own service functionality, making it easy for an application or developer to invoke that functionality quickly without having to understand the details of how the vendor's service works. For example, to build a short-message sending feature on a cloud SMS service, the user only has to choose the function they want from the documentation and then call the SMS API to use that service; they do not need to know the technical details of how the short message is delivered to the customer.

The birth of the SDK

After this brief look at the API, let's return to the SDK mentioned at the start of this article.

SDK is the abbreviation of Software Development Kit. It generally refers to a software toolkit, supplied by a third-party service provider, through which product functionality is implemented. Usually, the SDK is provided by a specialized company as a set of development tools for building application software for a specific software package, software framework, hardware platform, operating system, etc. Mobile payment technology, voice recognition technology, or storage technology can each be packaged as such a specialized collection. It reduces the time developers spend building each feature as they add new features to a product.

Just like an API, an SDK is provided by a service vendor. Developers only need to integrate the relevant SDK and then wire up the relevant functional interfaces. They do not need to think about the underlying logic, data storage and so on.

Differences between APIs and SDKs

So what is the difference between an API and an SDK, given that both let developers use third-party services? And why is the SDK inseparable from APIs?

In many cases, the API is more like a subset of the SDK because:

  • An API is usually an interface method with a specific function; the SDK is a collection of features, more like a toolkit.
  • An API usually takes the form of a single data interface, while an SDK is equivalent to a tool environment, usually containing all the API functions of a service except for one.
  • The SDK has a higher level of encapsulation than the API.

Why do SDKs go wrong so often

At present, service providers offer more and more functions, and users' demands on app functionality are also gradually increasing. If a company developed every function itself, the time and cost would grow without limit. Therefore, companies are more likely to choose a third-party SDK toolkit to implement these functions. As a result, many companies may use the same SDK. Once an SDK leaks private data, it is no longer only one company's app that is involved.

So how do you avoid such privacy breaches?

For developers, it is important to choose, as far as possible, a third-party SDK with an established market base. For example, try to integrate SDKs selected in the Apple and Google stores.
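One way a developer can check what an integrated SDK brings into the app, as an added example that is not part of the original article: compare the permissions declared in the app's own AndroidManifest.xml with those in the merged manifest produced by the build. Both manifests below are constructed samples, and the function names and the `SENSITIVE` list are illustrative assumptions.

```python
import xml.etree.ElementTree as ET

# Attribute key for android:name in ElementTree's {namespace}local form.
NAME = "{http://schemas.android.com/apk/res/android}name"

# Permissions guarding the personal data the article mentions (location,
# address book) plus a few other sensitive ones. Illustrative, not exhaustive.
SENSITIVE = {
    "android.permission.ACCESS_FINE_LOCATION",
    "android.permission.ACCESS_COARSE_LOCATION",
    "android.permission.READ_CONTACTS",
    "android.permission.READ_PHONE_STATE",
    "android.permission.READ_SMS",
    "android.permission.RECORD_AUDIO",
}

def permissions(manifest_xml):
    """Return the set of permission names requested in a manifest."""
    root = ET.fromstring(manifest_xml)
    found = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for element in root.iter(tag):
            if element.get(NAME):
                found.add(element.get(NAME))
    return found

def sdk_added_permissions(app_manifest, merged_manifest):
    """Permissions in the merged manifest that the app itself never declared."""
    added = permissions(merged_manifest) - permissions(app_manifest)
    return {"sensitive": sorted(added & SENSITIVE),
            "other": sorted(added - SENSITIVE)}

# Constructed sample: what the app's own source manifest declares.
APP_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION"/>
</manifest>"""

# Constructed sample: the manifest after the build merged in SDK manifests.
MERGED_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.ACCESS_NETWORK_STATE"/>
</manifest>"""

if __name__ == "__main__":
    print(sdk_added_permissions(APP_MANIFEST, MERGED_MANIFEST))
```

Any entry under `sensitive` is a permission the app's own code never asked for, so it is the first thing to question the SDK vendor about or to strip before release.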

On a personal level, when downloading apps, it is best to choose app stores with a low density of malicious apps, such as Apple's App Store or the official app store for Android phones. Do not download apps from websites of unknown origin, and do not install unapproved applications. At the same time, when faced with the various permission pop-ups during app installation, confirm carefully before granting access to your location, phone address book and other private data.

Finally, the state has also been monitoring this at the policy level. Network operators are required to clarify data security requirements and responsibilities for third-party applications that access their platforms, and to supervise and urge third-party application operators to strengthen data security management.

At present, domestic mobile phone manufacturers also pay more and more attention to user privacy, and have launched "flare" and other privacy protection functions. Once the background behavior of these apps becomes increasingly visible, and the system is willing to offer more means of restricting it, keeping one's private data will probably no longer be a problem.
