How SDKs & Open Source Exposure Affect Your App | AppsFlyer

Why Open Source is Exposed: How Integrated SDKs Affect Your App

Danielle Blumenstyk Peterman Jul 20, 2017



As a mobile marketer, you are often asked by service providers to integrate various SDKs into your apps for analytics, monetization, and of course attribution. These SDKs come in many different shapes and sizes, with many different attributes. One of the main characteristics of an SDK is whether it is open source or proprietary. While some companies claim that an open source solution is superior, this doesn’t seem to be the case in practice. Not only is it inferior; an open source SDK is actually an exposed SDK, as I’ll explain in this post.

So what are the actual differences between these two types of SDKs, and how do these differences affect marketers? Let’s take a look.

There are some advantages to utilizing an open source SDK:

  • Transparency – Open source means the code is fully available for the world to see, and (in most cases) for anyone to contribute to. Every library has owners who control final edits, but anyone in the developer community can make suggestions and take part.
  • QA – Creating open source code usually means it’s a joint community effort, with many different collaborators working together to perfect the code. That means bugs are discovered more quickly and solved faster.
  • Customizable – Many developers prefer using open source code as it gives them more freedom to make the tweaks and edits they want.
  • Buzz – Currently, open source anything is all the rage, and since it’s the cool kid on the block, many companies are trying to integrate open source in any way they can.

However, there are some major downsides that you need to consider when thinking about opting for an open source SDK, and significant advantages to integrating proprietary SDKs in your apps.

  • Exposed – First and foremost, as opposed to a proprietary SDK, an open source SDK exposes your code base for all to see, making your entire library visible to anyone. It’s much easier for a bad actor to commit fraud when they have access to the ins and outs of the system and know how it works. Anyone can copy an HTTP request and change its parameters to fake the data that is sent to the server. Some SDKs have built in logic to help the server understand that the data actually came from the SDK. Open source code exposes this logic, making it far more vulnerable to manipulation.
  • Not Truly Open – Many companies that boast an “open source SDK” only have a semi-open one, meaning it can be viewed but not improved by the community. Having an open source SDK that external developers can’t really contribute to kind of misses the entire purpose of open source. If the SDK is technically open, but is not in any way open to changes or edits, it lacks one of the key elements of open source code.
  • Control – Since the code is, well, open, anyone can take the source code of the SDK, alter it as they see fit and integrate it into their app. This can result in a variety of unmonitored and unmeasurable SDK versions, overloading support and making it practically impossible to manage the different “bootlegged” versions of your SDK floating around.
  • Weight – There’s been some chatter about proprietary SDKs affecting the “weight” of the app, meaning how much room it takes up on a user’s phone. But the reality is quite the opposite. In fact, a proprietary SDK enables marketers to know the exact size of the code they’re integrating, while with open source it’s harder to know before it’s already on users’ phones.
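To make the “Exposed” point above concrete, here is a server-side check that an event request came from the SDK unchanged. It is an added example, not AppsFlyer’s or any SDK’s actual code, and it assumes one common approach: an HMAC-SHA256 tag over the request parameters, computed with a per-install secret key. The parameter names (`install_id`, `ts`, `nonce`, `sig`) and the key table are hypothetical.

```python
import hashlib
import hmac
from urllib.parse import parse_qsl, urlencode

# Constructed sample data: install ID and key are placeholders (assumption).
INSTALL_KEYS = {"install-001": b"constructed-demo-key-not-a-real-secret"}
MAX_SKEW_SECONDS = 300
_seen_nonces = set()  # a real service would use a shared store with expiry


def canonical(params):
    """Sort parameters so the SDK and the server sign identical bytes."""
    return urlencode(sorted(params.items())).encode()


def sign_event(params, key):
    """SDK side: append an HMAC-SHA256 tag computed over all parameters."""
    tag = hmac.new(key, canonical(params), hashlib.sha256).hexdigest()
    return urlencode(sorted(params.items()) + [("sig", tag)])


def verify_event(query, now):
    """Server side: return (accepted, reason) for one event query string."""
    pairs = parse_qsl(query, keep_blank_values=True)
    params = dict(pairs)
    if len(params) != len(pairs):
        return False, "duplicate parameter"
    sig = params.pop("sig", None)
    key = INSTALL_KEYS.get(params.get("install_id", ""))
    if sig is None or key is None:
        return False, "missing signature or unknown install"
    expected = hmac.new(key, canonical(params), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected.encode(), sig.encode()):
        return False, "signature mismatch"  # a parameter changed after signing
    try:
        ts = int(params.get("ts", ""))
    except ValueError:
        return False, "bad timestamp"
    if abs(now - ts) > MAX_SKEW_SECONDS:
        return False, "stale timestamp"
    nonce = (params["install_id"], params.get("nonce", ""))
    if nonce in _seen_nonces:
        return False, "replayed request"  # verbatim copy of an earlier request
    _seen_nonces.add(nonce)
    return True, "ok"
```

In this sketch a request with an edited parameter fails the signature comparison, and an unmodified copy of an earlier request fails the nonce check.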

Some of these issues are especially tricky for enterprises, as scale is a significant hurdle when working with open source code. If the code has been changed or modified even in the slightest, any update released will no longer fit the adjusted build, which means every update will require a new round of tweaks and modifications. The result of this would be one big headache.

It’s important for app marketing managers to fully understand the product they are looking into integrating, and the overall effects it could have on both the marketing efforts and their company as a whole. While examining the different options available to them, they must make sure that they carefully inspect and weigh the pros and cons of using an attribution provider with an open source or proprietary SDK, in order to make the best decision for their needs.