Why Am I (Still) Talking About This?
In a short amount of time, mobile apps have become a part of almost everything we do. Android Market (now Google Play) reported 600,000 apps, up from 150,000 just over a year ago. Forty-six million apps are reportedly downloaded each day from Apple's App Store. A recent Wall Street Journal article estimated the number of apps expected to be downloaded worldwide this year to be 136 billion. And it's not just mobile; there are now app stores for web apps, cloud apps, platform-specific apps, and so on. This is just the beginning.
Because part of my role at OpenLogic includes helping our customers understand open source license compliance issues, I find the question of compliance in apps and app stores to be particularly interesting. This topic involves a relatively new form of distribution with vast impact. The law moves slower than technology, forcing us to swim in murky waters - how exciting! But this subject does not grab my attention just because of my job. I can't avoid the topic even when I'm not at the office. I've run into app developers (and ended up in conversations about development process and the use of open source) on bike rides, in coffee shops, and while getting a facial. Even those businesses that lend themselves to bricks-and-mortar are looking for an angle, as witnessed by a recent conversation with a local business owner who was trying to figure out how a mobile app could drive business to his store.
We know open source software is used in apps. We know there are challenges to license compliance for both app developers and app stores and that these challenges can be exacerbated by multiple layers of distribution. Although this is a new venue with its own set of issues, there are familiar aspects. Might it be said that this scenario of multiple layers of distribution is not entirely unlike the consumer electronic supply chain that has featured prominently in open source license compliance actions? If we know apps use open source, why have there been only a couple of public enforcement actions involving apps? As I discussed in a previous post, the legal construct encourages removal of a non-complying app from the app store, rather than encouraging fixing compliance. Does this conundrum then hamper enforcement efforts?
Motivated by Risk?
I wish I could say that the main motivator for open source license compliance was that it's simply the right thing to do. You obtained some high-quality code that performs a function you need for free; the condition for using that code involves some relatively minimal license requirements. Do you really need any more reason to comply? Unfortunately, "because it's the right thing to do" doesn't always carry much weight in the corporate world. Companies using open source are all too often only concerned about the risk of non-compliance; most pointedly, will they get caught and how much will that cost? Of course, a potential lawsuit for non-compliance is by no means the only reason to abide by the license for the free software you are using.
So, what are the risks--both legal and business--of non-compliance for app developers and app stores? Just as we identified the challenges to compliance last week, let's take a look:
Do these risks create a strong incentive to comply with open source licenses? For app developers? For app stores?
Even at a quick glance, it's clear that the risk of non-compliance for app developers is greater than for app stores. Some of the risks that are similar or the same for both differ in potential severity. For example, an app development shop that has had an app removed from an app store due to non-compliance could suffer reputational damage in the form of potential customers balking at hiring it for fear of the same result. On the other hand, Apple probably did not suffer reputational damage resulting in significant business loss due to the publicity around removing GNU Go and the licensing conflict between the iTunes terms and the GPL as brought to light by the FSF. Similarly, the loss of revenue for an app developer is much more significant than for an app store, when you consider the volume of apps listed on the well-trafficked app stores.
Do we care? What to do?
In spite of the legal reality that the app store must comply with the licenses, when we look at the challenges and risks, the burden ends up largely resting on the app developer. Is this fair? Is this the outcome we want, one where the use of open source in apps is somewhat restricted or compliance is often overlooked? Does this scenario hurt the development process? Do we need a BusyBox of apps--an open source project that is indispensable and widely used by apps--combined with publicly announced lawsuits to move open source license compliance in apps and app stores from the pink elephant in the room to a viable conversation that results in solutions?
What might a FOSS-friendly app store look like?
In terms of power and resources, the app store is in a better position to influence and effect compliance. In a perfect world where open source license compliance was an unquestioned default, what might an open source software friendly app store look like? Is there a way to encourage app stores to be open source software friendly in a way that is practical and commercially feasible? How can an app store encourage compliance by developers instead of leaving them to fend for themselves and pulling the app when there is an issue? Should app stores take an active role in education and outreach around open source software, licenses, and compliance? Should an app store make compliance a requirement or take such measures as: asking for a bill of materials during the app submission process; providing a central repository for app corresponding source code; scanning incoming apps; or checking for compliance?
There are currently more questions than answers when it comes to this topic. I think that will change eventually. What do you think? What will it take to move the conversation from mostly abstract conjecture to tangible outcomes?
For a more in-depth discussion of compliance issues and suggestions for app developers, see the Linux Foundation Open Compliance Program publication, "Open Source Compliance in the Application Development Space," available at: http://www.linuxfoundation.org/publications/compliance/compliance-in-app-dev-space
Pink elephant image credit: © Vladislav Ociacia | Dreamstime.com
Follow @jilaynelovejoy View Jilayne Lovejoy's profile