Are mobile developers violating open-source licenses?
Yes. That's the conclusion OpenLogic reached after scanning 635 representative popular paid and free mobile applications, 66 of which contained open-source code. Among them, 71 percent of Android and iOS apps failed to meet open-source license requirements, by varying degrees. The most egregious violators placed copyrights where they shouldn't be. But the most surprising results came from Android apps, where GPL/LGPL license compliance was 0 percent. You're not misreading -- 0 percent.
Kim Weins, OpenLogic senior vice president of products and marketing, is presenting the results later this afternoon at AnDevCon -- the Android Developer Conference -- in San Francisco. OpenLogic evaluated compliance with GPL/LGPL and Apache open-source licenses, using four, basic criteria. For GPL/LGPL: "provide source code or an offer to get the source code" and "provide a copy of the license." For Apache: "provide a copy of the licenses" and "provide notices/attributions."
Fifty-two applications used the Apache license, while another 16 GPL/LGPL. The small number of GPL/LGPL apps takes some thunder from Android apps' 0 percent compliance -- from among all the apps -- but accounted for 24 percent of apps using open-source code.
"Many mobile and tablet developers may not have a complete picture of the open source they are using and the requirements of the open-source licenses," Weins said in a statement. "This has real-world implications. For example, the Free Software Foundation has stated that the GPL and iTunes license are not compatible, and Apple has already pulled several apps from the store that were determined to be under the GPL. Google has also received takedown requests for Android Market apps that violated the GPL. App developers need to pay attention to open source license compliance to ensure their apps are not impacted by legal actions."
Only 29 percent of applications using Apache or GPL/LGPL licenses were in compliance -- 27 percent for Android apps and 32 percent for iOS apps. Then there is that 0 percent GPL/LGPL compliance for Android applications, which circumstances are mitigated by Apache being the major open-source license for the platform.
Open-source licensing problems with commercial software are nothing new. They just have a new venue, as mobile applications and app stores increase in popularity.
"Mobile applications are going to be the new frontier for open source compliance," Weins said in the statement. "The lack of awareness and understanding about open source compliance means that any brand or organization creating mobile applications can be at risk. Still, open source compliance need not be difficult. It simply requires understanding all the open source used in your application and ensuring you comply with the requirements of those licenses."
In closing, I rarely write stories about results presented by companies like OpenLogic. There are inherent conflict-of-interest problems, since here Open Logic provides software and services for helping developers and enterprises keep in compliance with open-source licenses. Because open-source license compliance is going to be a big topic for mobile applications and because OpenLogic is presenting its findings today, I broke with my personal policy of avoiding studies where the company releasing the findings directly benefits from them. Tip to companies sending survey results or other data: This is likely why I ignored you, when so many other blogs or news sites eagerly published your findings.