More than 70% of Android, iPhone and iPad apps containing open source do not comply with basic open source license requirements, according to a study.
This was among the findings of a scan and license compliance assessment of 635 leading mobile applications made by OpenLogic, Inc., aprovider of enterprise open source software support, scanning, and governance solutions.
OpenLogic scanned compiled binaries and source code where available for 635 mobile applications to identify open source under GPL, LGPL and Apache licenses. For the 66 applications scanned that contained Apache or GPL/LPGL licenses, 71% failed to comply with four key obligations that OpenLogic analyzed. These included:
The GPL/LGPL license requirements to: provide source code or an offer to get the source code; provide a copy of the license
The Apache license requires to: provide a copy of the licenses;
"Many mobile and tablet developers may not have a complete picture of the open source they are using and the requirements of the open source licenses. This has real-world implications. For example, the Free Software Foundation has stated that the GPL and iTunes license are not compatible, and Apple has already pulled several apps from the store that were determined to be under the GPL," said Kim Weins, senior vice president of products and marketing at OpenLogic. "Google has also received takedown requests for Android market apps that violated the GPL. App developers need to pay attention to open source license compliance to ensure their apps are not impacted by legal actions."
For its research, OpenLogic selected the top paid and free apps for iPad, iPhone and Android across a variety of categories, as well as apps featured in TV ads and apps from the top 20 US companies in the Fortune 500. This representative sampling of 635 apps included banking applications, sports and game applications, applications from the world's most recognized brands and media organizations as well as popular applications from smaller companies.
71% of Android and iPhone apps containing open source failed to comply with the four obligations of the open source licenses that OpenLogic analyzed.
Out of the 635 apps scanned, OpenLogic identified 52 applications that use the Apache license and 16 that use the GPL/LGPL license.
OpenLogic found that among the applications that use the Apache or GPL/LGPL licenses, the compliance rate was only 29%. Android compliance was 27% and iPhone/iOS compliance was 32%. Overall compliance of Android applications using the GPL/LGPL was 0%.
Although the research did not specifically analyze conflicts between different licenses, OpenLogic noted that 13 of the applications came from the Apple App Store used GPL/LGPL. The App Store has already removed other applications that included GPL/LGPL licenses. In addition, two of the applications on Android contained LGPLv2.1. This license could have potential conflicts with Apache 2.0 which is the major license of the Android operating system.
OpenLogic found several apps with extensive EULAs that claimed all of the software included was under their copyright and owned by them when in fact some of the code in the app was open source.
"Mobile applications are going to be the new frontier for open source compliance. The lack of awareness and understanding about open source compliance means that any brand or organization creating mobile applications can be at risk. Still, open source compliance need not be difficult. It simply requires understanding all the open source used in your application and ensuring you comply with the requirements of those licenses," said Kim Weins, from OpenLogic.
OpenLogic will present the results of this survey at AnDevCon on Tuesday, March 8th between 2 p.m. PT and 3:15 p.m. PT. AnDevCon is the technical conference for software developers building or selling Android apps.