Abstract: To shorten application development time, many Android developers include third-party SDKs in their apps. Third-party SDKs are toolkits developed by third-party service companies such as advertising platforms, data providers, social networks, and map service providers. These third-party SDKs have become an important part of the Android ecosystem. If an SDK contains security vulnerabilities, every app that includes it becomes vulnerable, which severely affects the security of the Android ecosystem. To address this issue, this work selects 129 popular third-party SDKs on the market and performs a comprehensive analysis of their security. To improve the accuracy of the analysis, the demo apps of the third-party SDKs are taken as the analysis objects, and effective Android app analysis methods (such as static taint tracking, dynamic taint tracking, and dynamic binary instrumentation) and analysis tools (such as FlowDroid and DroidBox) are employed. The results show that more than 60% of the collected third-party SDKs contain various vulnerabilities (e.g., misuse of HTTP, misuse of SSL/TLS, abuse of sensitive permissions, identification, vulnerabilities brought by the local server, information leakage through logging, and mistakes by application developers), which threaten the related applications and the users of these applications.