Mar 10, 2011 — by Eric Brown — from the LinuxDevices Archive
— 2 views
OpenLogic announced the results of a license-compliance assessment of 635 Android, iPhone, and iPad apps, finding that of the 66 apps with open source GPL/LPGL or Apache licenses, 71 percent failed to comply with license requirements. Apple iOS actually scored higher at compliance, with 32 percent compared to 29 percent compliance for Android apps, says the study.
Using its OSS Deep Discovery scanner technology, open source software and service provider OpenLogic scanned compiled binaries (and source code, where available) for 635 mobile applications to identify open source code licensed under GPL, LGPL, and Apache licenses.
The top paid and free apps for Android, the iPhone, and the iPad were selected across a variety of categories. OpenLogic also included apps that have been featured in TV ads, as well as those offered by the top 20 U.S. firms in the Fortune 500, says the company. From this list, 52 applications that use the Apache license were identified along with 16 that use the GPL/LGPL license.
Of the applications scanned, 71 percent were said to have failed to comply with four key obligations including:
- GPL/LGPL requirements for providing source code or an offer to get the source code
- GPL/LGPL requirements for providing a copy of the license
- Apache requirements for providing a copy of the licenses
- Apache requirements for providing notices/attributions
Other findings in the study include:
- Among apps that use the Apache or GPL/LGPL licenses, the compliance rate was 27 percent for Android and 32 percent for iOS.
- Overall compliance of Android applications using the GPL/LGPL was 0 percent.
- 13 of the apps from the Apple App Store used GPL/LGPL, although the App Store has already removed other apps that included GPL/LGPL licenses.
- Two of the Android apps contained LGPLv2.1, a license that could have potential conflicts with Apache 2.0, the major license of Android.
- Several of the scanned apps had extensive EULAs (end user license agreements) that claimed all of the included software was under a copyright owned by the vendor, when in fact some of the code was open source.
App developers need to pay attention to open source license compliance to ensure their apps are not impacted by legal actions, says OpenLogic. (The effort is not entirely altruistic, as the company would love to sell app developers its scanning tools and services to help them out.)
According to OpenLogic, the Free Software Foundation (FSF) has already stated that the GPL and iTunes licenses are not compatible, and Apple has already pulled several apps from uts store that were determined to be under the GPL. In addition, Google has also received takedown requests for Android Market apps that violated the GPL, says the company.
In Dec. 2009, OpenLogic launched an Open Source Fulfillment Center service that helps companies ensure compliance with GPL licenses. In August of last year, the Linux Foundation announced a program to help companies comply with open source licenses. The Open Compliance Program includes training, consulting, a self-assessment checklist, a standard format to report software licensing information, and tools for dependency checking, BoM analysis, and code clean-up.
These initiatives are not the first to address the growing complexities of open source licensing. In 2008, Open Compliance Program member Software Freedom Law Center (SFLC), known for its successful prosecution of GPL scofflaws on behalf of BusyBox, published a GPL compliance guide to help embedded developers find their way through the licensing maze. That same year, a Germany-based group that inspired the SFLC — GPL-Violations.org — published a guide to identifying GPL violations in embedded code.
Yet, many mobile developers are clueless about open source licensing, or feel they don't have the time and expense to hunt down license obligations in their code. Others are aware of the violations, but assume they can fly under the radar without paying the consequences.
In conjunction with January's CES show, a study posted on Codon.org.uk reported that the vast majority of Android tablets rate poorly at GPL compliance. These were said to include tablets from well-known vendors.
Stated Kim Weins, senior vice president of products and marketing at OpenLogic, "The lack of awareness and understanding about open source compliance means that any brand or organization creating mobile applications can be at risk. Still, open source compliance need not be difficult. It simply requires understanding all the open source used in your application and ensuring you comply with the requirements of those licenses."
Availability
More information on OpenLogic's open source scanning tools and services may be found at its Open Source Scanning page.
This article was originally published on LinuxDevices.com and has been donated to the open source community by QuinStreet Inc. Please visit LinuxToday.com for up-to-date news and articles about Linux and open source.