The big Facebook crash of 2020 and the problem of third-party SDK creep


You know how people are saying these days that it’s dangerous how companies like Apple and Google control their ecosystems, to the point of accusing them of monopoly? I’m not going to dismiss that completely here, but I think we have a much bigger problem that’s been lurking in our apps for several years, unnoticed: third-party SDK creep.

It’s quite possible that every single app you use on any particular day is running code from Facebook, Google and other data-gathering and data-mining companies. Because of the way this code is integrated — by linking to a dynamic library at build time — these companies can effectively control those apps, or worse, access all of the data those apps have access to.

We saw a demonstration of this power yesterday: it was as if Facebook had an “app kill switch” that they activated, and it brought down many of people’s favorite iOS apps — Apple’s appocalypse video never felt so real. Of course it was a bug and not something done intentionally, but it highlights the point that they do have control over apps that include their code.

Even if you don’t sign in with Facebook in a particular app, the app will run Facebook’s code in the background simply because the SDK is included. You don’t need a Facebook account for it to track you either; they can track people very well without one.