SDK Security

Overview

We implemented SDK initialization restrictions to prevent hackers from using your GetSocial App Id in their apps. Mobile devices are not a secure environment. Anyone can decompile the application and steal information like ids that SDKs use for initialization. In “restricted” mode we validate not only App Id but also a signing certificate information you provide on the GetSocial Dashboard.

On Android, we validate if package name and SHA-256 certificate fingerprint of the app match the values provided on the GetSocial Dashboard. On iOS, we validate bundle id and team id.

SDK Security settings on the Dashboard

For all newly created apps “Restrict usage of the SDK” setting on the Dashboard is turned on by default. For apps created before August 3, 2017, toggle is off by default. Please refer to the migration guide below to learn how to enable security for older apps.

Give us your feedback! Was this article helpful?

😀 🙁