The world has officially gone app crazy. Almost every leading brand, from Starbucks to General Motors, creates apps for both iOS and Android devices. According to the App Genome project, there are now over 400,000 apps in the Android Market and Apple App Store combined, while leading IT analyst firm, Gartner, has declared that the market for mobile apps will exceed $15B in 2011.
And those mobile apps are being built using open source components. OpenLogic research from September 2010 showed that over 88% of Android apps and 41% of iPhone/iPad apps contained some form of open source technology. App developers use open source libraries and frameworks to get their products to market quickly with robust functionality.
Although open source components may be freely available, they do still come with a set of obligations that the users of the technology must follow. OpenLogic recently released the results of its Open Source in Mobile Apps research. We found that over 70% of apps using open source under the GPL, LGPL and Apache licenses were not in compliance with the relevant obligations.
Unfortunately, although app developers love to use open source, they may not be as diligent when it comes to complying with the associated open source licenses. To date, there have been a few public instances where this lack of compliance has caused problems for app developers, including takedown requests from an app store and negative publicity.
Adding to license concerns, the Free Software Foundation, author of the GPL, has asserted that the terms of service for the Apple Store are incompatible with the GPL. The Free Software Foundation specifically pointed out one app (GNU Go) that is licensed under GPL. Apple’s response was to remove GNU Go from the Apple App Store with no public comment. Without any changes in Apple’s Terms of Service, it appears that no app using GPL can be placed in the Apple App Store.
As Simon Phipps points out in his blog,
“Any product that’s built using input software written by others needs attentive management of the terms under which the copyright is licensed…That needs careful management processes which are applicable regardless of whether the software is licensed bilaterally under proprietary terms or multilaterally under open source terms.”
The challenges that app developers and companies face are twofold: a lack of awareness of open source compliance issues and a lack of processes to ensure compliance.
At AnDevCon, a recent conference for Android developers, we interviewed 25 developers on video and asked them what they were doing to comply with open source licenses. 67% of those developers felt that complying with open source licenses was a challenge. These interviews clearly illustrate the lack of awareness and education among app developers.
In addition, a report from Gartner indicates that 69% of companies have no open source policy in place. App developers have largely ignored open source compliance issues in the apps they ship.
Given the high growth rate of mobile apps and the immaturity of the market, we are likely seeing the natural outcome of organizations with little experience with open source compliance issues flooding into the arena of software distribution. As education of these app developers around the issues of open source compliance increases, we would expect to see compliance levels climb.
For companies developing mobile apps, we provide five tips for ensuring compliance with open source licenses.
1. Understand open source licensing
Make sure your technical, business, and legal teams are educated on open source licensing and compliance issues.
2. Create an open source policy
Develop a written open source policy that defines the guidelines for using open source and the processes for approval and compliance.
3. Track all open source usage
Ensure that all open source usage is tracked through a request and approval process. In addition, the open source code used should be part of your source code control process.
4. Conduct a scan or audit of your code
Depending on developer memories to track open source usage has proven to be very unreliable. In addition, open source code may contain additional licenses that developers are unaware of. Leverage open source audit services or scanning tools to uncover the open source used. There are both free and commercial tools available to help.
5. Develop a compliance checklist
Once you have a complete understanding of the open source used in your code and the relevant licenses, create a compliance checklist that helps your developers ensure they have taken the appropriate steps to meet the obligations. Review the checklist with your legal and development teams prior to shipping your app.
For this research, OpenLogic scanned over 635 leading mobile apps for the Android and iOS platforms to identify 68 apps that used open source components under the GPL, LGPL and Apache licenses. We then evaluated the compliance of those apps with four key license provisions. For apps that used open source under GPL and LGPL licenses, we checked whether the app complied with the obligations to provide a copy of the license and a copy of the source code. For apps that used open source under Apache licenses, we checked whether the app provided a copy of the license and the required notices and attributions.