Without extensive investigation, you won’t be able to know exactly what the precompiled SDKs are up to in your app. It’s exceedingly easy to wire a binary black box SDK in such a way that you, as the developer, would never know what’s going on inside.
I’ve often wondered if I am a little to trusting with some SDKs I’ve used over the years in iOS apps. I’ve never had an issue, but in the case of precompiled SDKs, without monitoring all my network communications, I really wouldn’t know if there was anything questionable going on.
More and more though, using CocoaPods for instance, I have noticed that the code is not always compiled, allowing for easier introspection into what is going on in code you are trusting inside your app.
This article has me thinking about what I am using with a bit more scrutiny going forward.