The SDK of mobile advertising platform Mintegral has passed the open-source security audit of WhiteSource, a leading third-party open-source security platform. According to the official audit report, the Mintegral SDK open-source code is highly secure, and is capable of providing safe and reliable services to its partners.
Open-source security is a crucial foundation for data security
Over the past two years, data security issues have become increasingly prominent. Ensuring data security involves many aspects such as enterprise security management systems, technology systems, and compliance. Among others, the security of an applications code is a crucial step towards ensuring data security.
In September 2020, Mintegral announced that it would open its SDK source code to provide partners with a higher level of transparency and security. To further ensure data and technology security, Mintegral utilized WhiteSource to conduct a comprehensive open-source audit on its SDK.
In an open-source audit, the certified auditor conducts a thorough investigation of the application’s open-source components. This includes an open-source software list, license compliance analysis, and an open-source security vulnerability assessment. The audit combines both comprehensive and objective risk analysis and actionable recommendations for using the application’s open-source codes. Ultimately, the audit can improve the technical transparency of corporate applications and help enterprises find, correct, and optimize potential compliance or security problems of the codes to improve data security at the technology level of the codes.
WhiteSource’s audit report concluded that the open-source code of the Mintegral SDK is highly secure. Mintegral develops the codes used solely in the Mintegral SDK without any other third-party code or libraries, which effectively avoids any potential security risks or “backdoor” situations and ultimately safeguards data security for users.
The audit report also objectively presents some risk disclosure for Android SDK, including open-source license risk and code security risk. However, this disclosure should not cause concern as WhiteSource emphasized that these risks arise from the Google Android Studio, and are not directly linked with the Mintegral SDK. The Google Android Studio, the tool for developing the Mintegral Android SDK, was also included in the security audit, as WhiteSource examined the security of the entire SDK compilation and release. Android Studio relies on many third-party codes and libraries. If Google does not recognize this and update accordingly, those risks will always exist in Android Studio but will not affect Mintegral SDK’s security.
Generally speaking, a large number of applications utilize third-party open-source codes in their development processes. Use may be accompanied by potential legal risks, security vulnerabilities, and compatibility issues, affecting data security and pose significant risks to enterprises. Therefore, the Mintegral team has been sticking to the principle of “clean coding” by avoiding leveraging any third-party open-source codes and libraries.
“Data and technology security has become the top priority for enterprise development. We hope to put into practice the transparency and security of data and technology brought by the open-source SDK in a careful and thorough manner,” said Erick Fang, CEO at Mintegral. “The open-source audit done by WhiteSource provided a comprehensive, objective, and accurate risk assessment on our code security and helps us continue to upgrade and optimize our technology.”
“When developing and maintaining longstanding applications, enterprises should always ensure that their partners understand the security of the entire technology supply chain. Our goal is to improve the trust and expectations of our partners, as well as to avoid unnecessary security risks that will ultimately affect users’ data security,” Fang noted.
Apart from the open-source security audit by WhiteSource, Mintegral has also carried out several audits related to data security and certifications related to advertising transparency. These are intended to enhance the transparency, safety, and reliability of products offered by advertising technology companies.