April 23, 2024

Status: Current Specification
Superseding: Version 1.0 (unpublished)

The ISL SDK Data Privacy Risk Dictionary scores SDKs found in ISL research (such as the 2022 US K-12 EdTech Safety Benchmark). The original SDK Privacy Risk Dictionary, version 1.0, was developed in 2021 and used for app scoring in the 2022 US K-12 EdTech Safety Benchmark and App Microscope, but it was not publicly available. This first published release is therefore version 2.0.

SDK Privacy Risk is calculated from a multi-part formula reflecting Risk Impact plus Risk Likelihood. Risk Impact and Risk Likelihood are both scored from -1 (lowest risk) to -4 (highest risk), and then added together. The final score is normalized into a range from -1 (lowest risk) to -4 (highest risk).

Risk Impact is directly proportional to the type of data generally accessed to provide the functions of the SDK, based on its category/subcategory and tag information. The more sensitive the personal information, the higher the Risk Impact. For instance, biometrics SDKs have a very high Risk Impact; SDKs for video and photo capture or processing would also have very high Risk Impact scores. 

Risk Likelihood is the likelihood of the SDK sharing or monetizing personal information. This was calculated using the following SDK characteristics:

a. The SDK’s primary industry category, subcategory and tags. Categories known to monetize personal information (such as Advertising / Marketing) received a higher Risk Likelihood. [Source: privacy policies, online research]

b. The publisher’s (company’s) Risk Score. [Source: ISL Company Privacy Risk Dictionary]

NOTE: If the SDK is discontinued, it results in the highest SDK Risk Score, since a discontinued SDK is unsupported and any traffic to that entity is extremely risky. [Source: online research] 

ISL provides this data as an informational tool reflecting research at this point in time (version 2.0, published on 4/23/24). Please contact us at contact@internetsafetylabs.org if you have questions or corrections.

This work is licensed under the Creative Commons Attribution-NonCommercial 4.0 International License.

Open SDK Risk Dictionary

Revision History
v1.0  Unpublished, internal use only.
v2.0  First published version.