
Libraries Used in the Top 100 iOS Apps - martin_tipgain
https://medium.com/ios-os-x-development/libraries-used-in-the-top-100-ios-apps-5b845ad927b7
======
mwcampbell
I notice that no off-the-shelf web view wrappers (e.g. PhoneGap/Cordova) or
non-web-view JavaScript frameworks (Titanium, NativeScript) are in this list.
Would Xamarin, RoboVM, or RubyMotion be detectable with this method? Or can we
safely assume that all of the top 100 apps are native ObjC or Swift?

~~~
eljimmy
I would expect that if an app is popular enough to be in the top 100 then it
most likely has the bankroll to pay for native devs.

I can't imagine ever seeing a non-native app in the top 100 with the exception
of maybe ReactNative-based apps which is a bit of a grey area since it
compiles into native.

~~~
NateLawson
There are many non-native apps in the top 100. Cordova is popular for business
apps (Amazon and Walgreens both use it, for example). Unity (C#) is extremely
popular for games because they built an awesome dev environment and it
compiles to native, thanks to Mono's translation layer.

I agree that React Native is great, and you will be seeing a lot more apps
using it, especially as their Android version comes out.

~~~
eljimmy
Do you have some examples? Not doubting you, I'd genuinely like to take a look
at them.

~~~
NateLawson
Sure, just look at our public view of the data. It's limited to the top 500
free apps in the US. Choose category "cross-platform" and then compare iOS vs.
Android. List of apps and the SDKs in each is at the bottom.

[https://sourcedna.com/stats](https://sourcedna.com/stats)

------
CyrusL
Interesting sidenote: I saw a reply to this post on Twitter where SourceDNA
commented how the makeup of the top 100 apps differs from the long tail of
apps:

[https://twitter.com/SourceDNA/status/652247709655547905](https://twitter.com/SourceDNA/status/652247709655547905)
[https://twitter.com/SourceDNA/status/652247927289544704](https://twitter.com/SourceDNA/status/652247927289544704)

"CocoaPods is less popular in the top 100 apps than the long tail. We see
~180K apps with AFNetworking."

"CocoaPods more popular in apps that aren't top 100. Top apps more customized,
less third-party code."

~~~
smithclay
Anyone done any analysis on what top 100 apps are using Swift?

Similar to the cocoapods note, my guess is it's catching on much faster with
the long tail than the most popular apps.

~~~
supster
Fun fact: Lyft is the only top 100 app I've heard of using Swift [1]
[http://www.fastcompany.com/3050266/tech-forecast/lyft-
goes-s...](http://www.fastcompany.com/3050266/tech-forecast/lyft-goes-swift-
how-and-why-it-rewrote-its-app-from-scratch-in-apples-new-lang) [2]
[http://thenextweb.com/insider/2015/07/17/the-lyft-ios-app-
is...](http://thenextweb.com/insider/2015/07/17/the-lyft-ios-app-is-now-
written-entirely-in-swift/)

~~~
melling
Lyft was completely rewritten in Swift so that was news. Many other companies
could be using Swift but it's not really news if 95% of your code is still in
ObjC.

------
gorena
Scary how many of these are obsolete or outdated.

"Bolts-iOS" is a _dependency_ of "facebook-ios-sdk", which means that 19 of
the top apps are using an outdated version of the Facebook SDK that predates
Bolts, and might be vulnerable.

~~~
NateLawson
Yep, there are tons of SDKs being used that aren't actively maintained like
ASIHTTPRequest on iOS, for example. There are two reasons we've found:

1\. App was written a while ago and is only in maintenance mode

2\. Developer got started early on and hasn't kept track of the industry

The latter often happens with internal dev kits, where someone drops a static
library in (say, to add a wrapper) and then never updates the dependency. New
apps inherit it when they use the internal dev kit.

------
melling
Here's a curated list of Swift libraries:

[http://www.ioscookies.com](http://www.ioscookies.com)

And some cool new Swift/Objective C libraries:

[https://www.ckl.io/blog/9-trending-objective-c-and-swift-
ios...](https://www.ckl.io/blog/9-trending-objective-c-and-swift-ios-
libraries/)

------
uwemaurer
Top libraries for Android apps:

[http://www.appbrain.com/stats/libraries/dev](http://www.appbrain.com/stats/libraries/dev)

Top ad network on Android sorted by usage:

[http://www.appbrain.com/stats/libraries/ad](http://www.appbrain.com/stats/libraries/ad)

------
chrisBob
Anyone know what is wrong with the table? When I try to highlight text (so I
can find out what Flurry-iOS-SDK is) it lets me click, but then scrolls
rappidly to the top of the page when I move the mouse to highlight something
(Safari on OS X).

~~~
peterjmag
Weird, happens for me too (in Safari, but not in Chrome). Perhaps it's
something to do with the iframe that it's embedded in?

In any case, here's the original gist, which doesn't seem to have the same
problem:
[https://gist.github.com/ryanolsonk/e33bf9e89677da9fe8ce](https://gist.github.com/ryanolsonk/e33bf9e89677da9fe8ce)

------
tptacek
This is neat. Someone should get Nate Lawson in here; SourceDNA has this
analysis for free and paid apps in both app stores, and he's doing it by
bringing up binaries to an IR and doing pattern matching.

~~~
cryowaffle
Be the person you desire

------
timanglade
Probably of interest as well: a list from CocoaPods of the top SDKs sorted by
number of unique apps that have installed them
[https://gist.github.com/orta/1c607a2c46545244ab16](https://gist.github.com/orta/1c607a2c46545244ab16)

~~~
NateLawson
Nice, thanks for pointing that out.

Note that it may be skewed a bit since apps can get created but not published
on the app stores (personal experiment, in-house app for a company). This does
roughly align with our data on iOS though.

------
an4rchy
I'm surprised Realm is not on here.

~~~
timanglade
As Nate says, the top 100 changes a lot from week to week. We actually have 3
apps that are routinely in the top 100 these days (Pinterest, Dubsmash &
Target) and a few more that can make it depending on releases/advertising
(Digg, Zappos, Groupon, Wahoo, Bodybuilding.com,…), and growing pretty fast in
that segment considering we only came out about a year ago.

Anyway, I think we had 3 apps in the top 100 the week this analysis was made;
unfortunately the author cut off the list at SDKs that had 4 or more apps.
Next time ;)

------
aresant
Slightly off-topic but we're in the middle of building an iOS / Android SDK /
library to drive improved location services.

Does anybody have any solid resources on SDK marketing directly to iOS and
Android developers?

We've found some innovative ways to address the community (doesn't hurt to
have an office packed with engineers to ask where they find solutions) but
looking for ideas ranging from the best developer events, to publications, to
PR agencies focused on devs, to marketing co's etc.

I have been surprised how hard it is to turn up prior-art on this subject.

~~~
smithclay
Couple of companies come to mind:

* Realm.io has successfully positioned themselves as a thought leader in swift development for iOS by producing solid blog content and leading the Swift SF meetups (+ contributing to open-source projects).

* Crashlytics/Fabric.io is more interesting -- my experience with them has been entirely word-of-mouth (but they have a big presence at Twitter's developer conference/WWDC/Google IO, too).

* Parse generally has interesting, high-quality technical blog content: ([https://blog.parse.com](https://blog.parse.com)).

~~~
NateLawson
I agree that both Realm and Fabric have done an excellent job reaching out to
developers. Fabric went to another level in providing a slick interface to
make it easy to drop in and update their SDKs. I'd be excited to see that more
generally available, maybe integrated with CocoaPods.

~~~
coldcode
My only fear with Fabric is how Twitter's layoffs affected them.

------
iomind
How exactly do you scan these apps though? The only proper way I can think of
going about it is to some how bulk download these apps and then go about
analysing their code.

~~~
coldcode
Download the apps normally, then jailbreak the phone. Now you can poke around
all you want.

~~~
solarexplorer
There is no need to jailbreak anything. Just download the apps with iTunes,
unzip the ipa, and voila... you can do all the static analyzing you want.

------
DannyBee
For giggles, go into these top 100 apps, and see how many actually properly
comply with the open source licenses of many of these libraries (IE they
reproduce the proper notices, etc).

------
joshavant
_4_ of the top 100 iOS apps are STILL using ASIHTTPRequest? ಠ_ಠ

~~~
ianstallings
Because they're not going to rewrite or replace code that already has been
tested and works in production.

~~~
gorena
Using an unmaintained networking stack should _terrify_ you.

~~~
Velox
Just because it's old doesn't mean it's unmaintained.

~~~
plorkyeran
ASIHTTPRequest has been unmaintained for years.

~~~
NateLawson
Correct, the banner shows it was last updated in 2011.

[http://allseeing-i.com/ASIHTTPRequest/](http://allseeing-i.com/ASIHTTPRequest/)

Given the problems we found with SSL domain verification in another networking
library, you definitely don't want to be using unmaintained code for this.

[https://sourcedna.com/blog/20150420/afnetworking-
vulnerabili...](https://sourcedna.com/blog/20150420/afnetworking-
vulnerability.html)

(SourceDNA helps developers secure & improve their apps, and one of the things
we identify is out-of-date static libraries.)

------
smilliken
We've automated this at MixRank and have analyzed millions of apps over the
last couple years.

Is there anything of interest HN would like me to look up or blog about?

