by alyssam_infosec 2131 days ago
The challenge here is with SDKs: just like with other open source libraries and packages, once you introduce someone else's code into your app, it becomes infinitely harder to get visibility into what your app is doing and ensure that third-party code isn't doing something nefarious (or including a sub-dependency that does something nefarious).
1 comments

True, but at least on the web I can inspect what network requests it sends, what the code is (even if it's obfuscated). Native SDKs are just a black hole.