
National security agencies warn: be wary of overseas organizations using malicious SDKs to collect sensitive information

2025-12-02   

The Ministry of National Security reminds the public that an SDK (Software Development Kit) is a set of development tools provided for a specific software framework, hardware platform, or operating system. It is like a "treasure box" that thoughtfully provides software developers with the semi-finished products, tools, and instructions needed to build applications, greatly improving work efficiency. However, convenient SDKs may also pose a risk of leakage. Overseas organizations may embed malicious SDKs into various applications in order to illegally collect sensitive information and transmit it remotely to overseas servers. This behavior not only seriously violates citizens' personal privacy, but may also lead to key information such as user profiles and industry data being controlled overseas, thereby posing a real threat to our national security.

The potential threats of SDKs

Elusive hidden "backdoors". Foreign hacker organizations or hostile forces may exploit security vulnerabilities or malicious code in third-party SDKs to carry out attacks, and some may even directly use SDKs to develop pre-installed backdoors or exploit undisclosed vulnerabilities to deeply infiltrate applications developed using the SDK. Once users install such applications, attackers can remotely manipulate their devices and steal more important and sensitive information.

Unauthorized plundering that violates permissions. According to reports from relevant organizations, some SDKs have engaged in illegal collection and use of personal information, which may be used for precise user profiling and analysis, leading to the inference of deeper information. Some overseas SDK service providers even induce developers, through payment, to use their services, forming a hidden data acquisition chain and profiting illegally from it.

The inherent hidden danger of feathers accumulating until they sink the boat. As the number of applications developed using third-party SDKs increases, their potential attack surface expands exponentially, further increasing security risks. When a general-purpose SDK has vulnerabilities, all applications that integrate that component will face a chain of security threats, ultimately spreading to the entire mobile ecosystem and posing a systemic risk.

Block the SDK "Trojan" theft channel

Individual users. Individual users should download and install applications from official app stores and other legitimate channels. Do not click on advertising links of unknown origin or casually install software offered in pop-ups. After installation, application permissions should be carefully managed, and access permissions unrelated to the core services of the application should be turned off as far as possible, especially those involving sensitive information such as location, contact list, photo album, or tariff (billing) functions, to avoid personal information leakage and property damage caused by granting excessive permissions.

Application development companies. A full-lifecycle security management mechanism for SDKs should be established, with priority given to using registered SDKs, strict evaluation of functional independence, avoidance of unrelated module bundling, and continuous monitoring, regular updates, and timely vulnerability patching during use. Perform source confirmation and integrity verification on the integrated SDK, and continuously monitor for any abnormal behavior in the SDK.

App platform suppliers. The SDK access status, permission scope, privacy policy, and other information should be accurately communicated to the public. During the operation period, the operator should be proactively reminded to promptly correct any behavior that does not meet the requirements. After the cooperation ends, the supplier should urge the SDK operator of the application software to withdraw authorization and to delete or anonymize user data in accordance with the law.

National security agencies remind citizens and organizations to be vigilant and to block the illegal intrusion of malicious SDK software. If you find any clue about illegal use of an SDK to engage in activities endangering national security, you can report it to the local national security authority directly, through the 12339 national security reporting hotline, through the online reporting platform (www.12339.gov.cn), or through the reporting channel on the WeChat official account of the Ministry of National Security. (New Society)

Editor: Wang Shu Ying    Responsible editor: Li Jie

Source: CCTV NEWS
