Most Android, iPhone apps violate open source rules
- — 10 March, 2011 05:31
OpenLogic, which makes open source software support, scanning and governance tools, said it analyzed 635 mobile applications for Android, iPhone and iPad, out of which 66 contained open source software under the Apache, GPL or LGPL licenses. The vendor found that 71% of the 66 apps violated key obligations required by the open source licenses.
Although the review targeted only 66 open source apps, there are many more such programs running on Android, iPhone and iPad, or at least in the works. Black Duck Software recently examined 3,800 free and open source mobile projects begun in 2010, and found that 55% were geared toward Android and 39% toward Apple's iOS.
FINE PRINT: Intro to Open Source Software Licensing
Complying with open source requirements seems to be a sore spot for mobile developers, if OpenLogic's survey is any indication.
"Many mobile and tablet developers may not have a complete picture of the open source they are using and the requirements of the open source licenses," Kim Weins, senior vice president of products and marketing at OpenLogic, said in the survey announcement. "This has real-world implications. For example, the Free Software Foundation has stated that the GPL and iTunes licenses are not compatible, and Apple has already pulled several apps from the store that were determined to be under the GPL. Google has also received takedown requests for Android market apps that violated the GPL. App developers need to pay attention to open source license compliance to ensure their apps are not impacted by legal actions."
The Android operating system itself is open source, using the Apache license as well as the GPL for Linux components. But Google is being sued by Oracle, which claims Android infringes on Java patents and copyrights. Apple's iOS is proprietary.
OpenLogic's scan of Android and iOS apps found that most of the open source ones violate GPL requirements such as providing source code or an offer to get the source code, or the requirement to provide a copy of the license; most mobile apps using the Apache license violated requirements to provide a copy of the licenses or notices and attributions.
Failure rates were similar on Android and iOS. The Android apps' compliance rate was 27% and iOS was at 32%.
OpenLogic also said that two Android applications contained LGPL Version 2.1, a license which "could have potential conflicts with Apache 2.0, the major license of the Android operating system."
Further, OpenLogic said it "found several apps with extensive EULAs that claimed all of the software included was under their copyright and owned by them - when in fact some of the code in the app was open source."
OpenLogic did not identify any specific apps, but said its selection targeted "top paid and free apps for iPad, iPhone and Android across a variety of categories," including "apps from the top 20 companies in the Fortune 500." Categories included "banking applications, sports and game applications, applications from the world's most recognized brands and media organizations, and popular applications from smaller companies."
Read more about anti-malware in Network World's Anti-malware section.