Open Source

Android Devices Are Hives of License Violations 299

inkscapee writes "Android developers are paying little attention to Free/Open Source software licenses and have a 71% violation rate. Come on folks, FOSS licenses are easy to comply with, certainly easier than proprietary software licenses, and less punitive. But it seems even the tiny hoops that FOSS requires are too much for devs eager to cash in."
  • What the hell? (Score:5, Informative)

    by Stratoukos ( 1446161 ) on Tuesday March 08, 2011 @04:16PM (#35423414)

    The article doesn't mention Android separately. It has one set of numbers for both Android and iOS. Exact quote:

    A new study from open source services vendor OpenLogic reports that 71 percent of Apple iOS and Google Android apps are not in compliance. OpenLogic scanned 635 apps, including both free and paid on the Apple App store and Google Android Marketplace. Of those 635 scanned apps, 52 apps include Apache licensed code while 16 included GPL/LGPL licensed code.

    Who the hell wrote that summary?

    • Re:What the hell? (Score:5, Insightful)

      by jdgeorge ( 18767 ) on Tuesday March 08, 2011 @04:28PM (#35423574)

      Furthermore, the 71% figure has no apparent relationship with the other numbers mentioned in the article.

      The article is nearly as brain-dead as the summary.

      • Re:What the hell? (Score:5, Informative)

        by MozeeToby ( 1163751 ) on Tuesday March 08, 2011 @04:48PM (#35423848)

        Of the 635 apps that they looked at, they confidently identified 68 as having Apache or GPL'd code. Of the 68 apps with open source code 71%, or 48 in absolute terms, were in violation. I admit that it would have been clearer and more interesting to say that 7.6% of the apps they looked at were in violation. If they had a truly random sampling and that number held out, you'd be looking at more than 20,000 apps that are violating the Apache and GPL licenses.

        • You might have found the successor to Fair and Balanced!

          It would be more clear if it said 7.6% of the apps they looked at were in violation, but it's "more interesting" to state totally wild obfuscations because the most inaccurate writing seems to be winning lately. And those other stories a day or three ago were wondering what happened to our state of science education.

    • Re:What the hell? (Score:5, Interesting)

      by dgatwood ( 11270 ) on Tuesday March 08, 2011 @04:44PM (#35423802) Homepage Journal

      And one set for GPL and Apache, too. That's pretty night and day as far as the requirements go, and it's not clear if all of those are really even violations.

      I mean, GPL code, sure. That's pretty much toxic to closed source development. But Apache? How do you even violate the Apache license when you're distributing only object code?

      Apache defines a derivative work very narrowly, such that (by my reading anyway) library code under an Apache license used as a small part of a larger work isn't one. Therefore, one could potentially argue that it doesn't even require attribution or a copy of the license....

      • Re:What the hell? (Score:4, Informative)

        by BitZtream ( 692029 ) on Tuesday March 08, 2011 @07:46PM (#35425522)

        APL, Section 4.1 ... you must include a copy of the apache license.

        Section 4.4 ... if you give attribution to anyone, you must give attribution to the original work you used. I.E. if you credit yourself you have to credit the original authors as well.

        It's REALLY easy to comply with, but I've failed to comply in early releases of both open and closed source software myself simply because I forgot to add attribution and the license file. Of course, as soon as I or anyone else noticed, I fixed it as it is an honest mistake but ... it's still REALLY easy to violate the license in a clearly defined way.

    • And then some. (Score:4, Insightful)

      by thePowerOfGrayskull ( 905905 ) <marc,paradise&gmail,com> on Tuesday March 08, 2011 @05:45PM (#35424390) Homepage Journal
      More than that - 71% of 635 apps on Android and iPhone is NOT the same as 71% of Android apps or even 71% of apps period. TFS and TFA both gloss over the fact that this is 71% of a very small sampling -- which may or may not have been specifically targeted based on functionality and features. TFA also does not discuss how the scan was able to identify OSS production by looking at compiled, stripped down, and signed (and possibly encrypted) binaries.

      Hmm, something's fishy here... oh, wait. I see. It's right there in TFA:

      OpenLogic sells a product called the OLEX App Store Edition which provides tooling that can be used by developers to do a self-service scan on their apps prior to submitting to the app store and by app stores to track open source compliance.

      How convenient! A one-company study -- using undisclosed methodology -- draws broad and irrational conclusions that suggest that people really need to buy its products and services. Amazing!

      • by Ost99 ( 101831 )

        More than that - 71% of 635 apps on Android and iPhone is NOT the same as 71% of Android apps or even 71% of apps period.

        It's not 71% of 635 apps. It's 71% of the 68 apps which they found containing GPL and/or Apache licensed code.

  • What about iOS? (Score:5, Insightful)

    by rafial ( 4671 ) on Tuesday March 08, 2011 @04:18PM (#35423432) Homepage

    Wait a minute here, the linked article says "A new study from open source services vendor OpenLogic reports that 71 percent of Apple iOS and Google Android apps are not in compliance." Yet the headline for this story mentions only Android. I understand it's become fashionable to bash Android lately, but this seems a bit egregious. The problem appears to be endemic across all mobile devices.

  • 71 percent? (Score:4, Informative)

    by Anonymous Coward on Tuesday March 08, 2011 @04:19PM (#35423442)

    How does 52 apps out of 635 add up to 71%??

  • by BagOBones ( 574735 ) on Tuesday March 08, 2011 @04:19PM (#35423464)

    Actually I find the Copy left licences have far more demands than any commercial licence. You can spend huge amounts of time figuring out if you can link or not link, how you must publish the code and how you can distribute the application.

    With commercial software you are often presented with a library or set of tools you can or can't bundle with your product, past that there is no code to deal with most of the time..

    • by Teckla ( 630646 ) on Tuesday March 08, 2011 @04:24PM (#35423528)

      Actually I find the Copy left licences have far more demands than any commercial licence. You can spend huge amounts of time figuring out if you can link or not link, how you must publish the code and how you can distribute the application.

      As a commercial software developer myself, I'm glad at least one other person on Slashdot understands this!

      For some of us, copyleft code is, by far, the most expensive code there is. In fact, it's pretty much poison.

      • by The_Wilschon ( 782534 ) on Tuesday March 08, 2011 @04:29PM (#35423594) Homepage
        Well, that was the original intent. RMS envisioned a world in which all software was Free (Libre), and then he thought about how this could be brought about. What he came up with was two-pronged. 1) copyleft 2) write lots of really excellent software, so excellent that people will want to use it even though they know they will get sucked into the copyleft. It appears to be working.
      • by DamonHD ( 794830 )

        I wouldn't go as far as "poison", but the GPL mission is clearly more important than the efforts of the people who write the GPLed code, ie its aims must win out over the aims and IP of the creative contributors. For example, if I want to make my code easy to use commercially, then using or publishing code under a BSD licence is far easier than GPL. IMHO.

        Rgds

        Damon

      • by H0p313ss ( 811249 ) on Tuesday March 08, 2011 @04:31PM (#35423632)

        Actually I find the Copy left licences have far more demands than any commercial licence. You can spend huge amounts of time figuring out if you can link or not link, how you must publish the code and how you can distribute the application.

        As a commercial software developer myself, I'm glad at least one other person on Slashdot understands this!

        For some of us, copyleft code is, by far, the most expensive code there is. In fact, it's pretty much poison.

        Which was the intent, free to extend, not so free to commercialize. TANSTAAFL [wikipedia.org]

        • As a commercial software developer myself, I'm glad at least one other person on Slashdot understands this!

          The reason so few people "understand" it is because it's complete and utter bullshit.

          For some of us, copyleft code is, by far, the most expensive code there is. In fact, it's pretty much poison.

          No, it's simple. Don't use it. That costs you absolutely nothing.

          • It sounds to me as though the GP finds it difficult to find loopholes in the GPL. That is what takes time.

            The only legitimate problems I have come across are grey areas around proprietary plugins and mixing GPL code with proprietary libraries or GPL with open source libraries with GPL incompatible restrictions (e.g. an advertising clause). There is plenty of documentation provided by the FSF (and FAQ and a list of compatible licences) and I doubt there are many legitimate questions to which you cannot g

      • by jedidiah ( 1196 ) on Tuesday March 08, 2011 @04:46PM (#35423820) Homepage

        As a computing professional, I find all of this whining about Free Software license complexity rather embarrassing frankly.

        Electronic Arts and Oracle can manage navigating this "quagmire". Why can't you?

        One really wonders what an SBA audit of you whiners would turn up.

        • Re: (Score:2, Informative)

          by Teckla ( 630646 )

          As a computing professional, I find all of this whining about Free Software license complexity rather embarrassing frankly.

          Who's whining? Please, don't be unnecessarily rude.

          I understand licenses such as the GPL very well. I'm not whining, and I don't find the license complex in the least. I'm simply pointing out that for commercial software developers, GPL'd code is often not an option.

          I also write software for my wife's small business with no plans to distribute, but I avoid GPL code in those projects, too, in case I ever do decide to commercialize what I've created. I don't want to get trapped into too much reliance on somet

          • by Belial6 ( 794905 )
            I have yet to meet a single individual that truly doesn't pirate ANYTHING. You really have never sung happy birthday to someone in a public place? You never drew a copy of a popular cartoon character for a child just because they wanted you to? Copyright violations are EVERYWHERE. It is just that they tend not to get prosecuted if there isn't any money in it.
        • by bws111 ( 1216812 )

          As a computing professional, you should know that EA and Oracle are large corporations, with large, well-staffed legal departments. One of the jobs of said legal departments is navigating quagmires.

          • One of the jobs of said legal departments is navigating quagmires.

            Another job is to avoid creating one. The license bureaucrats will drown you all.

      • by nuggz ( 69912 )

        You can use and distribute copyleft software like anyone else.

        The expensive part is that you can't (easily/effectively) sell it, though to be fair you likely didn't pay for it either.

        For users copyleft software can be some of the least expensive.
        I don't have to upgrade, I don't have to pay for it, it doesn't have time bombs in it.
        If there are problems I can get them fixed without relying on the original vendor to do it, and my data isn't locked up in proprietary formats.

      • by grcumb ( 781340 )

        For some of us, copyleft code is, by far, the most expensive code there is. In fact, it's pretty much poison.

        What?!?

        Explain, please, in 300 words or less, how using GPL software costs you money.

        And no, opportunity cost does not count as costing you money. It wasn't your code to begin with, so you haven't lost money because you can't treat it as if it were. (That would be what a lot of software capitalists call 'Piracy'.)

        And no, you don't lose money because someone else improved on your code. Other people got to benefit from your labour, but you get to benefit from theirs as well. It's quid pro quo all the way down

      • by h4rr4r ( 612664 )

        You don't have to use it. Hell, how about you write your own fucking code?

        Copyleft code is cheap, if BSD give credit, if GPL make source available for everything. Done and done. None of these cost much money at all.

      • Using open source requires making some decisions and in certain sacrificing something. If you are hoping to get a freebie, then you will want to be using a BSD license, but if you decide to use code with GPL then you have to recognise the intent is about "giving back to your peers" - it is not really "something for nothing" as many people think it is. Healthy open source is about people participating in the process, rather than simply trying to get as much free stuff as possible and complaining that the ups

      • by Lehk228 ( 705449 )
        that is because copyleft code is for copyleft development and for end users, it is not there for you to steal.
      • by GreatBunzinni ( 642500 ) on Tuesday March 08, 2011 @05:50PM (#35424434)

        Oh really? Can you please tell us what would be the cost of building a product on a proprietary closed-source software program which doesn't grant anyone the right to extend it, let alone commercialize any derivative work?

        It appears that you are one of those ignorant FLOSS detractors who tries to bitch that hijacking other people's code is "most expensive" while the alternative is... you investing your own time to fill all the countless man-hours that it took other people to build the software you are trying to sell off as if it was your own? Because you sure can't just pick up, for example, Microsoft Office, tweak its UI and sell it off as Teckla's Office suite.

      • by caseih ( 160668 )

        There's a huge difference though. With a proprietary library I pay for a license to use it under certain terms, which was the whole point of buying the license in the first place. With most open source libraries, they are freely offered to me, but with the complicated terms.

        Thus if I don't like the open source terms, or if I'm not sure they will fit into my proprietary program, I should buy some code that does (maybe from the OSS author... he or she can relicense), or write my own code.

        So if you want to c

    • by vlm ( 69642 )

      You can spend huge amounts of time figuring out if you can link or not link, how you must publish the code and how you can distribute the application.

      One guy in the world who speaks your native language has to do that one time for each version of each license, pretty much.

      You can't seriously claim that every time you use a line of BSD'd or GPL'd code, you reread and reanalyze the entire license, even if it hasn't changed?

      Also legal jargon is not a strictly interpreted sourcecode. But, none the less, it's semi-logical and fairly straightforward. If the GPL mystifies you for a "huge amount of time" then I shiver to imagine how long it takes to figure out

      • by dgatwood ( 11270 )

        One guy in the world who speaks your native language has to do that one time for each version of each license, pretty much.

        First, a lot of the GPL is open to interpretation. Same goes for pretty much any other license. For example, does a GUI wrapper that calls your GPLed tool fall under the category of a derivative work? It's not at all clear from the license. On the one hand, it uses public interfaces exclusively. On the other hand, it is wholly dependent on the tool for functionality. So it's lega

    • by BitZtream ( 692029 ) on Tuesday March 08, 2011 @04:36PM (#35423692)

      Not sure why you're modded Funny because your statement pretty much matches my experience.

      I've found commercial licenses far easier to deal with than GPL, and that alone is why our company doesn't bother with anything that has GPL attached to it, it's just not worth the effort.

      Generally, there are BSD licensed equivalents of the major GPL libraries anyway so why screw with it?

      Even Apple's licensing is far easier to deal with than GPL, it's just a minefield.

      I realize I'm picking on GPL, but it's true of just about all Copy-left licenses, which are most of the time more restrictive than commercial licenses I've dealt with.

      It's sad that it's far cheaper overall for our company to pay 100k in licensing fees than to use a copy-left license.

      I'm sure I'll get marked as a troll but the reality of it is, copy-left is a fucking pain in the ass unless you are also copy-left. More software isn't than is.

      • by xaxa ( 988988 ) on Tuesday March 08, 2011 @04:50PM (#35423866)

        copy-left is a fucking pain in the ass unless you are also copy-left

        That's pretty much the point.

      • by NoSig ( 1919688 )
        It's stupid simple. The point of the GPL is to make source code freely available. You can only get in trouble with the GPL if you don't want that, in which case of course the GPL is not for you. All the GPL does is list ways of you being an asshole and telling you not to do that, given that you accepted the premise that the GPL is about making source code available.
      • by h4rr4r ( 612664 )

        How is copyleft software costing you anything or is a pain?
        Is someone forcing you to use it?

        How about this, if you don't want to share alike then STFU and write your own code. Seems pretty simple really.

    • by jedidiah ( 1196 )

      > Actually I find the Copy left licences have far more demands than any
      > commercial licence. You can spend huge amounts of time figuring

      No. Not really.

      Either what you're doing with the code is a derivative work or not. That's pretty clearly spelled out in the license.

      If it's a derivative work, then it needs to be licensed just like whatever you're deriving from.

      It's like "inheritance" is suddenly a mystery just because it's "legal".

      This all gets hashed out every time some "gimme gimme, it's all mine"

    • Actually I find the Copy left licences have far more demands than any commercial licence. You can spend huge amounts of time figuring out if you can link or not link, how you must publish the code and how you can distribute the application.

      Of course you see "far more demands" in free software licenses than in "any commercial license". After all, while in FLOSS licenses the copyright owners have to specify clearly that you can in fact use, copy, distribute, share, alter and even sell the software while typ

  • Tiny hoops (Score:3, Funny)

    by TheCyberShadow ( 1429099 ) on Tuesday March 08, 2011 @04:21PM (#35423474) Homepage

    Wouldn't jumping through tiny hoops be harder?

  • Scum and Villainy and all that.
  • This title/summary really must be changed. It's clearly trying to establish a relationship between this and Oracle in the 'base platform', when the article is basically 'random application developers for *any* platform don't pay close attention to the license terms'.

  • I think this is about the apps, but what about the platform? Honeycomb devices are out there in the wild, thanks to retail sales of Motorola Xoom. But is the source code for the released Honeycomb available yet? Rumors of "exclusivity agreements" floating around? Come on, Google, play it straight.
    • Honeycomb became available before the Xoom was in stores.
      • Was the source available and buildable, or just binaries popped from the emulator?

        Google is very good at making the AOSP and the community surrounding it second class citizens. Has this changed?

  • God-damn, yet another misunderstanding of L/GPL? If I make an app where I can throw birds at pigs that happens to use a GPL'ed JSON library, it doesn't mean that the whole app has to be open-sourced does it?

    Whereas if I take GNU Chess and put a pretty UI on top of it, that's a derivative product, and I do need to provide the source.

    • If I make an app where I can throw birds at pigs that happens to use a GPL'ed JSON library, it doesn't mean that the whole app has to be open-sourced does it?

      Depends, is the library LGPL'd or GPL'd?

      If it's GPL'd, yes. If it's LGPL'd, you only have to distribute the source for (and changes to) the library. Think of it by looking (VERY CLOSELY) at glibc and Qt.

    • God-damn, yet another misunderstanding of L/GPL? If I make an app where I can throw birds at pigs that happens to use a GPL'ed JSON library, it doesn't mean that the whole app has to be open-sourced does it?

      Compliance has many aspects. If you're redistributing you may simply have to state it and reproduce the copyright statement.

    • A GPL'd JSON library would require the app to be GPLd, a LGPLd library would not.

      So clearly, it's confusing as you didn't even get it right.

    • by amorsen ( 7485 )

      If I make an app where I can throw birds at pigs that happens to use a GPL'ed JSON library, it doesn't mean that the whole app has to be open-sourced does it?

      According to the GPL, the answer is yes, you need to make the whole app Free Software. In terms of copyright law it is a bit more of a gray area, so if you never distribute the JSON library or statically link with it, you can possibly get away with it, in at least some jurisdictions. You need to be able to say that you never accepted the GPL and therefore any distribution of the GPL'd code is right out. Even that may not be enough, but there is AFAIK no clear case law yet.

  • Come on folks, FOSS licenses are easy to comply with, certainly easier than proprietary software licenses, and less punitive.

    Really? You mean like not only complying with the letter of the license but having to receive all sorts of flak and hatred if you happen to violate all the unwritten rules and the "spirit" of the license? To be honest, it's FAR easier to comply with proprietary licenses because they don't have all the political baggage behind them.

    • by grcumb ( 781340 )

      To be honest, it's FAR easier to comply with proprietary licenses because they don't have all the political baggage behind them.

      Would it kill you to explain what 'political baggage' is, in your opinion, and why it's more draconian than, for example, the non-compete and non-disclosure clauses that come with the majority of commercial licenses?

      Seriously: I'd like to know exactly what part of the GPL is 'political', in your opinion. There is a philosophical reason for the license, it's true, that says, 'share and share alike'. But that's not 'political'. It's certainly no more 'political' than contract law, which exerts a comparable pu

  • by Infonaut ( 96956 ) <infonaut@gmail.com> on Tuesday March 08, 2011 @04:28PM (#35423588) Homepage Journal

    From the press release [marketwire.com] for the study:

    OpenLogic found that among the applications that use the Apache or GPL/LGPL licenses, the compliance rate was only 29%. Android compliance was 27% and iPhone/iOS compliance was 32%. Overall compliance of Android applications using the GPL/LGPL was 0%.

  • by Lord Bitman ( 95493 ) on Tuesday March 08, 2011 @04:28PM (#35423590)

    Generally, with proprietary licenses: If you have access to the code, you are allowed to use the code however you want. If you don't have any rights to the code, your employer hasn't negotiated a license, and so you will never see the code.

  • I smell a scam.
    71% are in violation? Really? They scanned every app in both stores?
    This I feel says it all.
    "OpenLogic sells a product called the OLEX App Store Edition which provides tooling that can be used by developers to do a self-service scan on their apps prior to submitting to the app store and by app stores to track open source compliance."
    I would love to scan my app. I wrote 100% of the code except what I linked from Apple. I think the method may be flawed.

  • by ShadoHawk ( 741112 ) <<mkreafle> <at> <gmail.com>> on Tuesday March 08, 2011 @04:39PM (#35423734) Homepage
    If you read the article aside from the summary leaving out iOS this is all really an advertisement to sell you a product from OpenLogic called OpenLogic Exchange (OLEX).

    http://www.openlogic.com/products/olex.php [openlogic.com]
    This product will certify your source code is compliant after it scans it...
  • by SwashbucklingCowboy ( 727629 ) on Tuesday March 08, 2011 @04:42PM (#35423764)

    The thing about attributions and Apache License are at least part BS. The Apache license (which I just re-read) only requires attributions when a DERIVATIVE work is distributed. In most cases, I'm betting that companies are not distributing derivative works, but the original work. It's a hole in the license, but that's not the user's fault.

  • When hundreds of tablets and "eReaders" are being released with Android, Busybox, and of course the Linux kernel itself in violation of the GPL by companies who disclaim responsibility for the devices they sell, why should we be surprised to see application developers doing the same? Go ahead and try to get the source that you are legally entitled to when you buy one of these things! You'll be astounded how quickly whatever it is goes from being an extraordinary achievement of that corporation's innovatio
  • by chowdahhead ( 1618447 ) on Tuesday March 08, 2011 @04:54PM (#35423918)
    The report sort of becomes a sales pitch halfway through:

    OpenLogic sells a product called the OLEX App Store Edition which provides tooling that can be used by developers to do a self-service scan on their apps prior to submitting to the app store and by app stores to track open source compliance.

    I don't doubt that violations are occurring, but I question data when not provided by an independent third party.

  • Experiment: Get two people to read the GPL...

    Ask the two people a series of questions relating to what point do they need to share their code even though it is totally unrelated to the GPL work.

    When I invoke it from a shell?

    When I invoke it from a shared library?

    When I invoke it from a library linked to the application?

    When I invoke it from a separate shim process using shared memory or domain sockets?

    When I interact with something else that invokes it?

    Why?

    The GPL is unique in that it is a

  • Android development is not what you'd call license-centric. Stuff gets plugged together and shipped. I'd bet 99% of devs haven't so much as read a license that came with a library they had to go hunting for to get their buttons and spinners to work.

    It's about time the FOSS clowns stopped whining about licensing so hard. Their hypocrisy is showing.

    Run your search, count how many places you find your code, and brag about it. Otherwise, stop being a goit.

  • As an iOS developer, I use a lot of open source frameworks. But most of them are BSD licences - I'm really curious what they found that they considered to be GPL or Apache or LGPL, as I'm not aware of any really popular frameworks using those licenses.

    Another thing to consider is that the users of the frameworks may not be in violation of the INTENT of the license. I imagine there are a number of people that just publish code and slap a GPL on it because it's easy to find that license, not thinking abo

  • Maybe FSF/GNU...Linux...Apache should send DMCA-like take-down notices to the Android Market Place (AMP).

    A little code filtering for malicious-fraud/theft of L/FOSS would be very fun/funny to see, after all the MS, SCO... shit over the past couple decades.

    Could AMP be forced to put up and sustain an androidforge.net site or L/FOSS used for AMP-apps?

    Should AMP force all AMP-apps on the AMP-site to label/identify with an OSS-tag/link for code download?

    I say someone should go fyckwidem soon.
