Protecting mobile user data in the age of GDPR
Welcome back to What’s NEXT, a podcast from Samsung NEXT exploring the future of technology. In this episode, I talk with SafeDK co-founder Ronnie Sternberg about how her company helps mobile developers keep private user data safe, particularly in the era of GDPR.
Ryan Lawler: Welcome to the show, Ronnie.
Ronnie Sternberg: Thank you for having me.
Ryan Lawler: To start, maybe tell us, what is SafeDK, and what does the company do?
Ronnie Sternberg: Okay, so we have a solution that helps app publishers monitor and control their third party SDKs that they integrate within their app.
Ryan Lawler: How many … When we talk about third party SDKs, an app developer builds an app, and then they plug in all these different parts from other developers, and they’re called SDKs. What’s the point of each of those SDKs?
Ronnie Sternberg: I can tell you that, right now on average, an app publisher integrates 18 different SDKs into their app. It’s third party code that they do not write. They do not know exactly what it does, but it has different functionalities. The most common ones are advertising SDKs and analytics, some social payment SDKs, advanced technologies, VR, AR. We see the rise of them, as well. The idea is that publishers don’t need to reinvent the wheel and write something from the start, but take these off the shelf to enhance their app. On average, there are now 18 SDKs, and when we started the company, there were only 13 SDKs on average in a mobile app.
Ryan Lawler: So 18 is the average number of SDKs, which means that … I’m sure there are some apps that have a lot more. What’s the most number of SDKs that you’ve seen integrated into a single app?
Ronnie Sternberg: We have a publisher that had, in its peak, about 70 SDKs, 7-0. We see different apps that have around 60, many with 48 SDKs, around 50 SDKs. That’s crazy! Most publishers that use us have around 30 SDKs, anywhere between eight and 30, that’s-
Ryan Lawler: That’s the sweet spot.
Ronnie Sternberg: Yeah, yeah.
Ryan Lawler: Okay, when you say you started the company, how long has that been?
Ronnie Sternberg: We started the company four years ago, in 2014, and the idea was to give some kind of transparency into the world of mobile SDKs to app publishers.
Ryan Lawler: Okay, so just in the last four years, the number of SDKs that app developers are using has increased by 50%. What’s that increase come from? Are there new SDKs or use cases that people want to plug in, or are they just getting more comfortable with the idea of this third party code running in their app?
Ronnie Sternberg: There are a few parts to that answer. One is that they use more SDKs for the same purpose. You use one SDK for advertising. You don’t stick to just one. You take four of them, to have more flexibility and to see who’s running better campaigns in your app. There are advanced technologies, as I mentioned, VR, AR, machine learning, cloud base, so there are new capabilities that are now available, that weren’t available four years ago. Publishers, although they don’t always like using SDKs, they got used to it.
Ryan Lawler: Okay, so how did you get started? What was your personal career and background, before founding SafeDK?
Ronnie Sternberg: I actually started my career in New York. I studied finance and international business at NYU. Then, like every graduate, I went to work in consulting. After five years in the States, I moved back to Israel, and I joined Benny Landa. He’s the father of digital printing. I joined him when he opened a new startup, after selling his old one to HP, and I was in charge of all the business development, OEMs, marketing. Then, after seven years, I decided it was time to start something of my own, and I met Orly, my cofounder, and then we started SafeDK.
Ryan Lawler: When you first started those conversations with Orly, how did that kick off? I’m always curious, just cofounder relationships, and how they find each other, and how they decide to work together.
Ronnie Sternberg: This is actually a very funny story, because Orly and I met through a common friend. She studied with me, my MBA, and worked with Orly in Intel, and she said, “Listen. You have to meet Orly. She’s thinking about starting a startup.” I said, “Okay, I’ll meet Orly.”
We met on a Tuesday evening, the day I left my old job, and we started SafeDK on the following Sunday. That was it. We met each other. It was love at first sight, and that was it. We started the company. We said, “Okay, we’ll try a month. We’ll see that it works out.” Now, we’re four years later, and things are going well.
Ryan Lawler: How did the idea come about when you first started talking about it?
Ronnie Sternberg: Yeah, so in Orly’s previous job, she worked in a company called Telmap, which was acquired by Intel. The idea was they had a navigation app. From her own experience of trying to find SDKs, the right SDKs, and to, once they integrated, to finish QA and everything, suddenly in specific countries, specific versions, the SDKs caused problems, excessive battery consumption or crashes, and she said, “It can’t be that we’re working so hard and eventually we’ll get stuck with it.”
She came up with the idea. She shared it with me and that was it. We, of course, tried to see if the market needs it, and not just us, but that’s where it came from.
Ryan Lawler: When you were originally founding this idea, was it specifically around performance or security or what was the need for managing all these SDKs?
Ronnie Sternberg: We do a few things. The first one was performance to see exactly privacy issues, or SDKs accessing private user data, who’s crashing the app, who’s slowing it down, excessive network consumption or location consumption, and our patented technology is the ability to turn off SDKs remotely, so if there is a critical bug or some kind of malfunction, you can turn off the SDK remotely, and it penetrates to all the users out there, and you don’t need a version update, which is always a painful thing.
The last part is 18 months ago, we started with a small feature that gave transparency into the ads that run within apps. It’s called the Ad Intelligence, and it started just to show publishers which ads run within their app. It got a life of its own. Publishers really wanted to know this information. They had lack of transparency, and that’s how the Ad Intelligence became the third pillar of our solution.
Ryan Lawler: Got you. When you talk to customers, how many of them are interested in the performance section versus security versus third party privacy issues?
Ronnie Sternberg: It’s interesting. I think ones that do not have ads at all, they care very much about the privacy, and with the GDPR that everybody’s been hearing about for so long now, they care even more about privacy. There’s always the issue of performance. When it comes to companies with ads, they come for the ads, and then they figure out that they can get so much more out of our solutions, so they use everything else also, but they came for the ads.
Ryan Lawler: Okay, let’s break this down into different parts. Let’s start with ads. You recently published a blog post, which was like, these are the ads that are appearing in your apps. Talk me through some of the types of ads that you found in that process.
Ronnie Sternberg: Yeah, so we see inappropriate ads on an hourly basis on customers’ dashboards. It means that these ads are showing in kids’ apps, in casual games, in news publishers. There are inappropriate ads running everywhere. Now, inappropriate might be porn, but it can be just casino games, or it can be something that’s not suitable for kids, such as trading. We see these horrifying ads running out there, and publishers don’t always know, or usually do not know that happens, until somebody raises a flag.
Ryan Lawler: Actually, the ad filtering part … It’s interesting to me. I feel bad for the people that actually have to mark things as inappropriate, because they probably just see the worst content that you could possibly see, but what’s the actual process? Does a user or does a developer flag something, and then you have a team that looks at it and marks it as inappropriate, or how does that work?
Ronnie Sternberg: There are two ways that it works. The first one is we have a team of students, and they review images, and they know if it’s a kids’ app, or if it’s a casino app, or if it’s a news publisher, just to know what type of content is inappropriate. They mark it by themselves, and this all goes and fed to our algorithm that it teaches it to recognize inappropriate ads on its own.
On the other hand, publishers can flag or unflag ads, as well. They can choose, okay, this ad, we found that it was inappropriate it is appropriate, so if they have no issue, they unflag. What they do next is they choose all the ads that they marked as inappropriate or we did, and send it to the ad network. They send it to a specific network and say, “Okay, listen guys. These are the ads that you showed in our app. Please make it stop.” That’s why, now, we’re working with the SDK side of that, as well, to help them eliminate the inappropriate ads quickly, either inappropriate or buggy ads, as well.
Ryan Lawler: Okay, so you mentioned ads. You mentioned also app performance. Let’s bucket that out and talk about that. What are some of the issues that app developers run into on that side of things?
Ronnie Sternberg: In terms of performance, SDKs can access all the private user information the app receives. As a user, we know why we give the app access to our contacts or accounts or whatever it is, but we don’t know that the 18 SDKs within it can access this information, and that’s a very big thing. Now, I don’t expect users to know anything about it, and I’m happy that they don’t, but at least publishers can monitor and see [or, inaudible 00:10:47] as the case, accessing this private user data, and if so, they can turn off specific permissions.
Crashes, crashes and ANRs — ANRs is when the app freezes — are a big, painful thing. Users experience these crashes, and they just turn. They leave the app. They say, “Okay.” They don’t care if it’s the SDK or the app itself that crashes. “It’s a crash, and I’ll just uninstall the app.” The same goes with start time of the app. You click on the button, and by the time you see something on the screen past four seconds, you’re not going to stay there. These are the type of things that publishers really care about.
Ryan Lawler: When you talk about SDK crashes or apps that become buggy or they’re slow or they just shut down, is that usually the fault of the SDK? Is that the fault of the app not integrating it the right way? Who’s usually … What’s usually the problem there?
Ronnie Sternberg: The problem is that it can happen anywhere in the food chain. It can either be the fault of the SDK itself. It can be something with integration with the operating system, in terms of … Google Oreo came out, and suddenly SDKs are not allowed to run in the background, so they crash apps. It’s either the SDK didn’t fix itself, or the app itself hasn’t updated a version of that specific SDKs, and there are always issues that apps do not integrate SDKs the right way, and therefore it might crash the app. It’s across the board, but about 50% of crashes within apps are SDK crashes, which is a big number.
Ryan Lawler: It’s not the SDK developers’ problem, yeah.
Ronnie Sternberg: Exactly. Either it is their problem, and they did not think about it in advance, or it’s an old version, and sometimes there are SDK issues. We had a publisher that their SDK, one of their SDK had a problem connecting to the server, and the app crashed. No user could have used the app. Then, yeah, it is an issue of the SDK itself.
Ryan Lawler: Right, so one of the things that you do, which I personally find really interesting is that you publish research. You have this deep look into a large customer set, the number of SDKs that they’re using, the types of SDKs that they’re using, the types of problems that they’re running into. What are some of the most surprising findings for someone who’s not in that world, beyond just the large number of SDKs that developers use?
Ronnie Sternberg: That’s a very interesting question. Privacy is one of the interesting statistics that we see there. The amount of SDKs that access private user information is extremely high. I think, in the latest survey we had, was about 57% of SDKs still access some type of private user information, which is an enormous number.
Ryan Lawler: That’s crazy.
Ronnie Sternberg: Yeah, yeah, and trends within SDKs … For example, you can see payment SDKs going up, which is extremely interesting, more Bitcoins SDK. You see how the market and the SDK market go together very closely, if every time there is an acquisition within the market. There are very interesting trends there, as well.
Ryan Lawler: As a consumer, I subscribe to lots of different apps. You download an app. You create a username and password. You give the app some amount of information, and then there’s that social contract that I believe that, I’m giving this app my information, I’m going to get some value out of it, but I don’t necessarily think about that private user information traveling to some third party.
Ronnie Sternberg: The thing that is most interesting is nothing has changed in this area since we started the company. SDKs can always access private user information, the same information, of course, the app has. If the app doesn’t have access, the SDK can’t access it. For example, user apps … What other apps are installed on the device. They don’t … There is no permission that is needed, so nobody knows exactly what’s happening there. Once publishers start using our solution, they turn off this private information in order to take care of their end users.
Ryan Lawler: Is that something that you build in by default, or are you just educating developers, once they sign up, that this is a problem, and they should turn it off for each of these different SDKs?
Ronnie Sternberg: We educate them, a lot of times, to tell them that this is an issue. We do a lot of content on that topic, as well. That’s one side. On the other hand, with GDPR and publishers having to take control of their third party, as the case, then suddenly there is much more awareness on this entire topic.
Ronnie Sternberg: The EU has decided to come out with new regulations, the General Data Protection Regulations, the GDPR. They came out this May. The idea behind it was to give privacy and to take care of the European users better. They have the right to agree or disagree for companies to take their information. Suddenly, the European Union decided that … It’s not suddenly. It’s something that happened gradually, but it gave a shock to the entire industry.
Suddenly, you need to have your data saved in such a way that you can forget your users, or you need their explicit consent, or a lot of different things that didn’t happen. Now, you can say, “Okay, that’s just Europe, but why do we feel it in the U.S., as well?” The issue is that, as long as you have even one user in Europe, you are bound by the GDPR. That really changed everything, in terms of the market, and a lot of companies were and are still trying to understand exactly what it incorporates.
Ryan Lawler: Right. I’m sure it was great for your business.
Ronnie Sternberg: Oh, yes.
Ryan Lawler: Maybe talk about that. Why was that so important for a company like SafeDK?
Ronnie Sternberg: We did … There are two angles why it’s important. The first one is that we recognized when we started hearing more and more about GDPR, suddenly it gave focus on apps, and the third party, as the case, within apps. Suddenly, publishers came to us and said, “Okay, okay, we need help with the GDPR. What does it mean?”
Ronnie Sternberg: The second thing is, because we sell to publishers, we need a lot of content. We decided to work very hardly on owning the term GDPR for Mobile, because there was no literature about that yet. There was no checklist about what you need to ask your SDKs. We started working on specific content and eBooks and logs and everything to own that term and, by that, increasing the leads that get to SafeDK. It’s both publishers and the leads that have to do with it.
Ryan Lawler: Right. I’m curious what sort of macrotrends you’ve seen, since GDPR has come into effect, because I know, personally, for me, I received that raft of emails, where I essentially had to reopt into all of these services, newsletters, apps, et cetera. In a lot of cases, I just clicked unsubscribe, as opposed to saying, “Yes, I agree to share my information again.” Are you seeing a lot of churn as a result of these regulations going into effect?
Ronnie Sternberg: In terms of the apps and the SDKs that are integrated within them, we don’t see much churn. We saw a bit of a freeze, in terms of adding more SDKs. For a month or so, there was … Everybody was trying to figure out what they need to do. They updated a lot of SDKs to comply with GDPR, but then everything was back, business as usual, because the SDKs did a pretty good job in making sure their SDKs are GDPR compliant. Once everybody integrated, that’s water under the bridge. Everybody’s continually updating their apps again.
Ryan Lawler: Right. I actually have no view into what the … What is the regulatory framework or structure like? Are they going to be checking in? How do we know? What’s the actual process there? Do you know?
Ronnie Sternberg: We still don’t know exactly what’s going to happen. We saw that the beginning … Google and Facebook got some kind of class action suit, or whatever. Somebody tried to do that. I think they’re going to tackle the big businesses first, before they come to small, less popular organizations, but I think it’s too early to say.
Ryan Lawler: You mentioned you’re seeing more payment SDKs. If I think of that in a macro sense, that tells me that people are more willing to pay for the apps that they use or the content that they’re reading on their mobile phone, as opposed to just running on advertising. I’m curious what your thoughts are on that, or if that, you think, is a reasonable thing to assume.
Ronnie Sternberg: There are both … We see use of in-app payment, in-app purchases. We see quite a lot of that. You pay to get more life in a game. You … I think it’s somewhere split between that and rewarded videos and other kinds of payment, so-called, methods, but we see the payment SDKs in each and every app now: news publishers, games, kids’ games. Wherever you want, you can see them. PayPal has three different SDKs for payment now. I told you about the Bitcoin one. The sky’s the limit.
Ryan Lawler: Yeah, when we talk about stuff like Facebook and Google, and the way that people connect within apps, are you seeing any change in [inaudible 00:21:16], or log in with Facebook, or log in with Google, or log in with Twitter, as opposed to just creating an email and password?
Ronnie Sternberg: I can tell you, in terms of this, the case we see an increase in the social SDKs integration throughout these four years. We see the beginning, there was just a little. It was 20-something percent. Now, we’re talking about approximately 50% of apps have social connection. Sometimes you can’t even log in without connecting through Facebook or Google+ or whatever it is. We see an increase in the amount of usage of the SDK itself, which can imply that people are using it more and more, and, by the way, they use it just to give life to each other, playing a game or share or tweet or something like that. You can’t even get away from it, really.
Ryan Lawler: Right. I remember a few years ago, it was especially true that there were certain apps where you couldn’t log in, or you couldn’t create an identity without a Facebook login, but in my own personal experience, I feel like that’s changed a little bit, where more services have that email option, as opposed to just relying on third party login.
Ronnie Sternberg: Yeah, that may be true, because not everyone has Facebook, and it all depends on the audience of the app. If it’s too younger, they’re young kids, then they don’t have Facebook access, et cetera. Older people … It all depends on the age group and the purpose of the app, but you can play games and not connect to your Facebook, and that’s perfectly fine.
Ryan Lawler: Yeah, I think the big one is dating apps. They want to ensure that someone is a real individual, and so they rely on that sometimes, yeah.
Ronnie Sternberg: Yeah, that makes sense.
Ryan Lawler: Switching gears a little bit, you and your cofounder are both women in a very male-dominated industry. What has that experience been like in founding the company?
Ronnie Sternberg: I don’t know any other way, so it’s been a good experience, but it’s always surprising. People are surprised to see two female founders. There are a growing number of female founders. We see that in Israel, but it’s never, “Oh, that’s the same as male.” We don’t see ourselves any different. We are agnostic to gender. This is us, but it is … We can be in an event, and we will be the only two females out there. It’s that interesting.
Again, we have a team that has … I think we’re pretty much 50% female, 50% male, which is also great. We take the best people out there, so it doesn’t really matter, female/male, and we have the skillset to do it.
Ryan Lawler: I think it probably helps, the fact that you’re both female, as opposed to starting from a group of two to four men, and then having to work backwards and recruit women into an organization, right?
Ronnie Sternberg: Yeah, I think you might be right, just because people, and women, maybe have more tendency to come work with us because we’re a female founded company, maybe. Most of the people, by the way, we took to work with us have worked with us in the past. Most of them have either worked with Orly or we know from different places, so it has very much to do with our culture, as well, and the people that come to join us.
Ryan Lawler: If you weren’t doing what you are doing at SafeDK, what other areas of tech are you fascinated by or would you want to work on?
Ronnie Sternberg: I am very techie, although I never studied computer science. I am very techie and I’m a data geek, so everything that has to do with data and technology, that’s where my sweet spot is. I like seeing the numbers. I like seeing what’s going up, what’s going down, trends, ads, how they look, what happens there. That’s where, any kind of data that I can really put my hands on. I can’t think of doing anything else but SafeDK, I must say it, because this is who we are. This is what we’ve been doing. That’s where my focus is.
Ryan Lawler: Okay, so just to close things out, what does the world look like when SafeDK becomes ubiquitous or when every app uses the platform?
Ronnie Sternberg: We started from the get-go, and we really believe that … We can’t understand how publishers use SDKs without SafeDK, because they miss all this transparency and control. That’s where it has to go, between that and ads and cleaning up what’s happening out there. We’re trying to fix both sides, both help the app publishers, but also the SDKs. We have so much data on what’s running out there. We want to help them fix what they’re doing.
Ryan Lawler: Okay, all right, cool, awesome.
Ronnie Sternberg: Thank you.