Are Mobile Apps Violating Open Source Licenses?
There are a lot of mobile apps that use open source software, but how many of them are in compliance with open source licensing rules? As it turns out, not very many.
Both the GPL/LGPL and the Apache open source licenses require developers to provide copies of the licenses. With the GPL/LGPL, the license also requires that developers provide a means by which users can get the source code. OpenLogic has a scanning tool called OSS Deep Discovery, which helps identify when open source code is being used.
"The lack of compliance was not all that surprising to us," Kim Weins, senior vp of products and marketing at OpenLogic, told InternetNews.com. "Developers and companies often don't have a complete picture of their open source usage or how to comply with the licenses."
Weins added that with mobile apps, there is an influx of non-technology companies who have now become software distributors. These companies may not have experience with the legal and licensing issues around open source compliance.
Adding further insult to injury, OpenLogic's study found several apps that appeared to write their EULAs with no awareness that their app contained open source.
"It is possible that the developers were aware of it, but the lawyers that drafted the EULAs were not," Weins said. "This is very common in companies that we work with -- often no one in the company has a complete picture of the open source being used."
She added that this happens because the companies often don't have the right processes and tools in place, or because they aren't even aware that it's an issue.
"In addition, the nature of open source software, which often bundles other open source software under completely different licenses, means that even developers can miss some of the licenses for open source they are including in their code," Weins said.
App stores all have some kind of evaluation process before an app is accepted. Weins noted that the app stores should take the lead in helping to raise awareness of open source compliance among developers.
"Although the developer agreement for an app store will discuss IP issues and may even reference open source code, there is very little information to help developers understand what the issues are and how to follow the rules," Weins said. "In addition, when an open source compliance issue is raised, it is likely to result in a takedown request for the app."
OpenLogic sells a product called the OLEX App Store Edition, which provides tooling that developers can use to run a self-service scan on their apps before submitting them to an app store, and that app stores can use to track open source compliance.
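To make the obligations above and the idea of a self-service pre-submission scan concrete, here is an added example of the simplest form such a check can take. It is not OpenLogic's OSS Deep Discovery or OLEX code, and nothing in it comes from the article beyond the summarised obligations (GPL/LGPL: a copy of the license plus a way to obtain source; Apache: a copy of the license). The license fingerprints, the file-name conventions, the source-offer and EULA heuristics, and the sample app bundle are all constructed assumptions for illustration; a real scanner uses far richer signatures and component databases.

```python
"""Minimal open source license compliance check over an extracted app bundle.

Added example, not OpenLogic's tooling. It fingerprints license headers in the
bundle's files, then checks whether the compliance artifacts each license family
calls for (a bundled license copy, a source code offer) are actually present.
"""
import os
import re
import tempfile

# Constructed fingerprints. Order matters: LGPL is checked before GPL because the
# LGPL text itself refers to the GNU General Public License.
LICENSE_FINGERPRINTS = [
    ("LGPL", re.compile(r"GNU Lesser General Public License", re.I)),
    ("GPL", re.compile(r"GNU General Public License", re.I)),
    ("Apache-2.0", re.compile(r"Apache License\W+Version 2\.0", re.I)),
]

# Obligations as the article summarises them (assumption: a simplified view).
OBLIGATIONS = {
    "LGPL": ("license_copy", "source_offer"),
    "GPL": ("license_copy", "source_offer"),
    "Apache-2.0": ("license_copy",),
}

LICENSE_FILE = re.compile(r"^(LICENSE|COPYING|NOTICE)(\.|$)", re.I)
SOURCE_OFFER = re.compile(r"source code.*(https?://\S+|written offer)", re.I | re.S)
PROPRIETARY_CLAIM = re.compile(r"\b(all|entire).{0,40}proprietary", re.I | re.S)


def _read(path):
    with open(path, "r", encoding="utf-8", errors="ignore") as fh:
        return fh.read()


def detect_license(text):
    """Return the first license family whose fingerprint appears in text, or None."""
    for name, pattern in LICENSE_FINGERPRINTS:
        if pattern.search(text):
            return name
    return None


def scan_app(root):
    """Walk an extracted app bundle; report detected licenses and unmet obligations."""
    components = {}         # license family -> files carrying that header
    license_copies = set()  # families for which a bundled license copy exists
    source_offer = False
    eula_text = ""
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            text = _read(path)
            if LICENSE_FILE.match(name):
                # A bundled license file satisfies "license_copy" for each family it contains.
                for fam, pattern in LICENSE_FINGERPRINTS:
                    if pattern.search(text):
                        license_copies.add(fam)
                continue
            if name.lower().startswith("eula"):
                eula_text = text
            if SOURCE_OFFER.search(text):
                source_offer = True
            fam = detect_license(text)
            if fam:
                components.setdefault(fam, []).append(os.path.relpath(path, root))
    findings = []
    for fam, files in sorted(components.items()):
        used_by = ", ".join(files)
        for duty in OBLIGATIONS[fam]:
            if duty == "license_copy" and fam not in license_copies:
                findings.append(f"{fam}: no copy of the license bundled (used by {used_by})")
            if duty == "source_offer" and not source_offer:
                findings.append(f"{fam}: no source code offer found (used by {used_by})")
    # Mirrors the article's observation about EULAs drafted without awareness of open source.
    if components and PROPRIETARY_CLAIM.search(eula_text):
        findings.append("EULA claims all content is proprietary but open source components were detected")
    return {"components": components, "findings": findings}


# Constructed sample bundle: an Apache-licensed parser, an LGPL-licensed codec, a LICENSE
# file covering only Apache, and a EULA that calls everything proprietary. All made up.
SAMPLE_FILES = {
    "lib/jsonparser/Parser.java": (
        "/* Copyright 2011 Example Parser Authors\n"
        " * Licensed under the Apache License, Version 2.0 (the \"License\");\n"
        " * you may not use this file except in compliance with the License. */\n"
        "public class Parser {}\n"
    ),
    "lib/mediacodec/codec.c": (
        "/* This library is free software; you can redistribute it and/or modify\n"
        " * it under the terms of the GNU Lesser General Public License as\n"
        " * published by the Free Software Foundation; version 2.1. */\n"
        "int decode(void) { return 0; }\n"
    ),
    "LICENSE": "Apache License\nVersion 2.0, January 2004\n",
    "EULA.txt": "All software in this application is proprietary to Example Corp.\n",
}

# Extra files that bring the constructed bundle into compliance.
COMPLIANT_EXTRAS = {
    "COPYING.LGPL": "GNU LESSER GENERAL PUBLIC LICENSE\nVersion 2.1, February 1999\n",
    "about.txt": "The media codec is LGPL. Source code is available at https://example.invalid/codec-src\n",
    "EULA.txt": "Portions of this application are open source; see the bundled license files.\n",
}


def build_sample_app(root, compliant=False):
    files = dict(SAMPLE_FILES)
    if compliant:
        files.update(COMPLIANT_EXTRAS)
    for rel, text in files.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(text)
    return root


def scan_sample(compliant=False):
    """Build the constructed bundle in a temp dir and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        return scan_app(build_sample_app(tmp, compliant))


if __name__ == "__main__":
    report = scan_sample()
    for fam, files in report["components"].items():
        print(f"detected {fam}: {files}")
    for finding in report["findings"]:
        print("FINDING:", finding)
```

Run against the non-compliant sample, the scan detects both components and reports three findings: the LGPL codec has no bundled license copy and no source code offer, and the EULA asserts that everything is proprietary. With the compliant extras added, the same scan reports nothing. The point of running this before submission rather than after is the one Weins makes: a compliance issue raised at the store tends to arrive as a takedown request.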
Overall, the goal of OpenLogic's study on open source license compliance for mobile apps is to raise awareness.
"We will not be reporting or sharing any names of companies or apps that failed to comply," Weins said. "We will attempt to reach out to those companies and inform them, so that they can remediate the situation and come into compliance."