The use of software developer kits (SDKs) by developers of mobile applications (Apps) remains an effective mechanism for providing a rapid development process. Rather than recreate some specialized functionality, App developers can simply obtain and incorporate an SDK from a third party for integration into an App they are developing. SDKs may for example provide an advertising platform, user analytics, push notifications, content management, etc.
Because mobile Apps must adhere to security principles such as Mobile Inter Process Communications (IPC), e.g., an App cannot control the behavior of other Apps. However, because an SDK must be packaged as part of an App, the SDK may have significant control over various operations associated with the App. One problem that arises in this context is that when runtime errors or performance degradation occur, it is generally not evident if the App itself is responsible or the SDK is responsible.
The impact of such SDK problems to App developers may be significant. For instance, users who come across errors might write a negative comment about the App, stop using the App, or find a more reliable App, even though the fault belongs to the SDK and not the App developer.
Furthermore, for many SDKs, developers are required to pay licensing fees that can be costly. As such, App developers tend to favor well-known SDKs that are considered trustworthy and bug free. Consequently, newer SDKs have difficulty in earning trust within the App developer community, as App developers are unwilling to consider using untrusted SDKs that might introduce runtime issues into their App.