Who Are the FOSS Police?
About 70 percent of the time, a mobile app that contains open source code fails to comply with basic FOSS licensing requirements, according to a study conducted by OpenLogic. With hundreds of thousands of mobile apps for platforms like iOS and Android, violations could be quite rampant, if the study's sample is representative of the whole. But whose place is it to enforce these licenses, and how?
Mar 11, 2011 5:00 AM PT
More than 70 percent of mobile applications containing open source code fail to comply with basic open source license requirements, OpenLogic claims.
The company scanned compiled binaries and source code where available for the top paid and free Android and iOS apps in the business and consumer sectors.
Of the 635 it viewed, 66 contained Apache or GPL/LGPL licenses. Of these, 71 percent contained violations of those licenses, according to the company.
OpenLogic did not respond to requests for comment by press time.
About the License Violations
The compliance rate for Android apps using the Apache or GPL/LGPL licenses was 27 percent, OpenLogic stated. Apple fared better here, with 32 percent of iOS apps examined being compliant with licensing requirements.
OpenLogic examined 635 apps across various categories. These included apps for banking, sports and games, apps from well-known bands and media organizations, and popular apps from smaller companies.
The company found several apps with extensive end-user license agreements that claimed the copyright to all the software included belonged to the developers, although some of the code in them was open source.
Thirteen of the apps that breached open source licensing requirements came from the iTunes App Store, OpenLogic stated.
Mobile apps will form the new frontier for open source compliance, the company added. Many mobile and tablet developers may not fully understand the open source code they use and the licensing requirements that apply.
Apple, Google and License Breaches
Apple has previously pulled several apps from the store that were determined to be under the GPL, and Google has received takedown requests for Android apps that violated the GPL, OpenLogic said.
"In the past, when we've been contacted with a report of an open source license violation on our various app markets or on sites like code.google.com, we've pointed people to the DMCA process so that we can take down the offending project," Chris DiBona, Google's open source programs manager, told LinuxInsider.
"We take this problem extremely seriously," DiBona added.
Apple did not respond to requests for comment by press time.
Putting Things in Perspective
Though OpenLogic examined over 600 apps, only about 10 percent of the 635 apps examined contained open source code. If 71 percent of the apps containing open source code breached the terms of their license, that works out to about 7 percent of the apps examined.
"Any product that's built using input software written by others needs careful management of the terms under which the copyright is licensed," Simon Phipps, director of the Open Source Initiative (OSI), told LinuxInsider.
OpenLogic's stance is more of a marketing stunt, Phipps suggested.
Looking for the FOSS Police
If someone does indeed breach open source license requirements, what recourse is there? Who will crack the whip for open source?
The Linux Foundation has an open compliance program that consists of a set of open source tools, training curricula, and a self-administered assessment checklist as well as a data exchange standard.
While the program is supported by major vendors, participation in it is apparently voluntary and adherence to licensing requirements seems to be based on the honor system -- what else could a self-administered assessment checklist result in?
"The Linux Foundation's open compliance program is focused on education and does not include enforcement," Amanda McPherson, a vice president at the Foundation, told LinuxInsider.
"We encourage the entire open source software community to work together to ensure apps are compliant with open source licenses," McPherson added.
The OSI, in turn, is more of an advocacy organization, Andrew Oliver, a member of that organization's board of directors, told LinuxInsider.
"While we do have an interest in educating folks on what is and is not open source, I would consider license enforcement outside of our mission at this point," Oliver elaborated.
"The OSI provides the framework and licensing basis for those who wish to do open source development, but it's up to rights holders themselves to defend the works they license," Michael Tiemann, a vice president at Red Hat who serves as OSI's president, told LinuxInsider.
In other words, boys and girls, you're on your own.
However, that doesn't mean you have to go it alone. The Software Freedom Law Center provides legal services to FLOSSers and also puts out publications that include a guide on how to ensure compliance with open source licenses.