March 08, 2011 08:15 ET
OpenLogic Scan Shows Open Source License Violations for iPhone and Android
Results Presented Tuesday March 8th at AnDevCon Conference
BROOMFIELD, CO--(Marketwire - March 8, 2011) - OpenLogic, Inc., the leading provider of enterprise open source software support, scanning and governance solutions, today announced the results of a scan and license compliance assessment of 635 leading mobile applications. Among other findings, the results show that 71% of Android™, iPhone® and iPad® apps containing open source failed to comply with basic open source license requirements.
Using its scanner, OSS Deep Discovery, OpenLogic scanned compiled binaries and source code where available for 635 mobile applications to identify open source under GPL, LGPL and Apache licenses. For the 66 applications scanned that contained Apache or GPL/LGPL licenses, 71% failed to comply with four key obligations that OpenLogic analyzed. These included:
- The GPL/LGPL license requirements to:
  - provide source code or an offer to get the source code
  - provide a copy of the license
- The Apache license requirements to:
  - provide a copy of the licenses
  - provide notices/attributions.
"Many mobile and tablet developers may not have a complete picture of the open source they are using and the requirements of the open source licenses. This has real-world implications. For example, the Free Software Foundation has stated that the GPL and iTunes licenses are not compatible, and Apple has already pulled several apps from the store that were determined to be under the GPL," said Kim Weins, senior vice president of products and marketing at OpenLogic. "Google has also received takedown requests for Android market apps that violated the GPL. App developers need to pay attention to open source license compliance to ensure their apps are not impacted by legal actions."
OpenLogic's Scan Results:
For its research, OpenLogic selected the top paid and free apps for iPad, iPhone and Android across a variety of categories, as well as apps featured in TV ads and apps from the top 20 US companies in the Fortune 500. This representative sampling of 635 apps included banking applications, sports and game applications, applications from the world's most recognized brands and media organizations, and popular applications from smaller companies.
- 71% of Android and iPhone apps containing open source failed to comply with the four obligations of the open source licenses that OpenLogic analyzed.
- Out of the 635 apps scanned, OpenLogic identified 52 applications that use the Apache license and 16 that use the GPL/LGPL license.
- OpenLogic found that among the applications that use the Apache or GPL/LGPL licenses, the compliance rate was only 29%. Android compliance was 27% and iPhone/iOS compliance was 32%. Overall compliance of Android applications using the GPL/LGPL was 0%.
- Although the research did not specifically analyze conflicts between different licenses, OpenLogic noted that 13 of the applications that came from the Apple App Store(SM) used GPL/LGPL. The App Store has already removed other applications that included GPL/LGPL licenses. In addition, two of the applications on Android contained LGPLv2.1. This license could have potential conflicts with Apache 2.0 -- which is the major license of the Android operating system.
- OpenLogic found several apps with extensive EULAs that claimed all of the software included was under their copyright and owned by them -- when in fact some of the code in the app was open source.
"Mobile applications are going to be the new frontier for open source compliance. The lack of awareness and understanding about open source compliance means that any brand or organization creating mobile applications can be at risk. Still, open source compliance need not be difficult. It simply requires understanding all the open source used in your application and ensuring you comply with the requirements of those licenses," said Kim Weins, from OpenLogic.
Kim Weins, senior vice president of products and marketing at OpenLogic, will present the results of this survey at AnDevCon on Tuesday, March 8th between 2 p.m. PT and 3:15 p.m. PT. AnDevCon is the technical conference for software developers building or selling Android apps.
OpenLogic is a leading provider of open source solutions that enable enterprises to safely acquire, support, and control open source software. OpenLogic provides enterprises with a certified library of open source software that encompasses hundreds of the most popular open source packages via OpenLogic Exchange (OLEX), a free web site where companies can find, research, and download certified, enterprise-ready open source packages on demand. With the broadest open source coverage in the industry, OpenLogic offers indemnification; updates; and enterprise-grade technical support backed by the OpenLogic Expert Community. OpenLogic also provides solutions for open source scanning and governance -- reducing the risk and maximizing the cost savings associated with using open source software. For more on OpenLogic, go to www.openlogic.com.
Android™ is a trademark of Google Inc.
iPhone®, iPad® and App Store(SM) are trademarks of Apple.