Security: is the React Native SDK affected by the reported AppsFlyer compromise?

[markwitt1]

Hi AppsFlyer team,

There is an ongoing public discussion about a potential AppsFlyer compromise:

• https://www.reddit.com/r/cybersecurity/comments/1rpo6jl/likely_appsflyer_compromise/

Can you clarify whether the React Native SDK in this repository is affected?

Specifically:

• Are any released versions of appsflyer-react-native-plugin impacted?
• If this plugin bundles or depends on native iOS/Android AppsFlyer SDKs, which native SDK versions are involved?
• If there is any risk, what versions should integrators upgrade to or avoid?
• Are there any recommended mitigation or verification steps for teams currently using the React Native SDK?

A brief status update would help teams assess whether any immediate action is needed.

Thanks.

[github-actions]

👋 Hi @markwitt1 and Thank you for opening this issue.
Please contact AppsFlyer support through the Customer Assistant Chatbot for assistance with troubleshooting issues or product guidance.
To do so, please follow this article.

[pazlavi]

Hi @markwitt1 ,

Thank you for raising this.

We would like to clarify the scope of the incident that occurred on March 10 between 01:00–10:00 UTC.

The issue was caused by unauthorized DNS configuration changes affecting an AppsFlyer web domain, which impacted the following web products only:

• AppsFlyer Web SDK
• Smart Banner SDK

During that time window, these web components may have retrieved and executed code from an unauthorized source.

Impact on React Native and Mobile SDKs

The AppsFlyer Mobile SDKs were NOT impacted by this incident.

This includes:

• Android SDK
• iOS SDK
• React Native plugin
• Flutter / Unity / other mobile plugins built on the native SDKs

The React Native plugin is a wrapper around the native iOS and Android AppsFlyer SDKs and does not load or execute the affected Web SDK code. Therefore, React Native apps using the plugin were not exposed to this issue.

Current status

• The underlying issue has been fully resolved.
• A full internal investigation and root cause analysis is ongoing.
• Additional preventative measures are being implemented.

Additional note

As a precaution related to the DNS incident, API Token V2 tokens were revoked and must be regenerated. This change does not affect SDK integrations, but may affect integrations using the AppsFlyer APIs.

If you have further concerns regarding your integration, feel free to contact AppsFlyer support or your CSM.

We apologize for the concern caused and appreciate your patience while we addressed the issue.