SOURCE: OpenLogic

August 21, 2012 07:10 ET

OpenLogic Code Scan Reveals Increasing Open Source License Compliance Among Mobile Apps

In 2012, 38% of Scanned iOS/Android Applications Are in Violation of Open Source License Requirements, Down From 71% in 2011

BROOMFIELD, CO--(Marketwire - Aug 21, 2012) - OpenLogic, provider of open source scanners, open source governance solutions and community-backed open source support for the data center and the cloud, today announced the results of a source code scan and license compliance assessment of 66 leading mobile applications containing open source software. The results show that the majority (58.3%) of mobile apps scanned are not in violation of open source licenses.

OpenLogic's mobile application research began in 2011, when the company scanned 635 of the most popular iOS and Android applications, identifying 66 apps that contained Apache, GPL or LGPL licenses. Of those 66 applications, the majority (71%) failed to comply with four key license obligations. The obligations that OpenLogic analyzed were as follows:

  • The GPL and LGPL license requirements to:
    • Provide source code or an offer to get the source code
    • Provide a copy of the license
  • The Apache license requirements to:
    • Provide a copy of the license
    • Provide notices/attributions

In some cases, applications that violate open source license requirements may be subject to legal action and removal from app stores.

Today, OpenLogic is announcing the 2012 update to that mobile app research. In 2012, OpenLogic scanned the latest versions of the same 66 applications in order to study how compliance rates had changed. The new scan found that the number of applications still in violation of open licensing requirements had dropped to 38.3% (down from 71% in 2011).

OpenLogic's Scan Results

  • 58.3% of the 66 applications scanned are not in violation of open source licensing requirements (up from 29% in 2011).
    • 5% of those mobile apps achieved compliance by adding an offer for source code or a copy of the license.
    • However, most of the apps (53.3%) solved the issue by removing the non-compliant open source components altogether.
  • 38.3% of the mobile apps are still in violation of open source licenses (vs. 71% in 2011).
  • The remaining 3.3% of the apps are obsolete and no longer available in the Apple or Android app stores.

"We are pleased to see that the majority of apps that violated open source licenses last year are no longer in violation, demonstrating that companies and developers are increasingly aware of the compliance issue and playing by the open source rules," said Rod Cope, CTO and Founder of OpenLogic. "A simple source code scan quickly gives companies the information they need to understand license compliance, as well as the knowledge required to map out the ideal code governance strategy for their mobile app. Ripping out open source code is not the best approach, but understanding and following license compliance is."

Jilayne Lovejoy, corporate counsel at OpenLogic, will speak about this topic as well as participate in a panel about SPDX at the LinuxCon conference August 29 - 31 in San Diego, CA.

  • "Apps, App Stores, and Open Source": Lovejoy will cover the relevant legal construct relating to FOSS in apps and app stores; a recent research update concerning FOSS use and license compliance in mobile apps; considerations for app developers; and what a FOSS friendly app store might look like. The presentation is Wednesday, August 29 from 2:55 to 3:40 p.m. PT.
  • "SPDX Celebrates Its First Birthday: Where have we been and where are we going?": This panel will include representatives of the SPDX business, technical, and legal working groups and provide an update on the current status of SPDX including the recent release of version 1.1, the current state of adoption, and a view of what's coming in the next release. The panel is Thursday, August 30 from 10:55 a.m. to 11:10 a.m. PT.

Methodology
OpenLogic scanned the 66 mobile applications using its source code scanner, OSS Deep Discovery, which quickly scans software to identify open source components -- even snippets of code that might be copied from open source projects, and even in cases where the source code has been deliberately changed to hide the origin. Open source code scanning is growing in popularity, with OpenLogic recently reporting that OSS Deep Discovery saw a more than 730% increase in the number of files scanned in Q1 2012 over the same period in 2011.

To learn more about OpenLogic's open source scanning tools, please visit http://www.openlogic.com/products/scanning-demo.php

About OpenLogic
OpenLogic is a leading provider of enterprise open source solutions for the cloud and the data center. OpenLogic helps hundreds of leading enterprises across a wide range of industries to safely acquire, support, and control open source software. OpenLogic offers certification, commercial-grade technical support and indemnification for over 650 open source packages backed by the OpenLogic Expert Community. OpenLogic also offers CloudSwing, a complete open PaaS solution for enterprises seeking to deploy applications and customized open source stacks in the cloud, and OLEX Enterprise Edition, a SaaS solution for open source scanning and governance.
