Study: mobile devs ignore open source duties

A recent study has suggested that around 71 per cent of smartphone apps containing open source code fail to adhere to the basic conditions of the original licence, potentially leaving their developers at risk of takedown notices and even legal action.

The study, which was carried out by open source suport specialist OpenLogic, analysed a representative sample of 635 apps on the popular Android and iOS smartphone platforms - a drop in the ocean, it's true, but with perhaps surprising results.

Using the company's OSS Deep Discovery tool, which is capable of analysing both source code and the resultant compiled binaries for code licensed under open source terms, the study found that 66 of the 635 apps contained code licensed under the Apache, GPL, or LGPL licences. From this sample, 71 per cent was found to be flouting the terms of the licences.

The Apache licence requires that a full copy of the licence's terms and conditions are provided with the app, along with full attribution of where reused code came from. The GPL goes a step further, and requires that source code is provided alongside a copy of the licence - or, at least, a link to where source code can be obtained.

"Many mobile and tablet developers may not have a complete picture of the open source they are using and the requirements of the open source licences," said OpenLogic's Kim Weins of the study. "This has real-world implications. For example, the Free Software Foundation has stated that the GPL and iTunes licenses are not compatible, and Apple has already pulled several apps from the store that were determined to be under the GPL.

"Google has also received takedown requests for Android market apps that violated the GPL. App developers need to pay attention to open source licence compliance to ensure their apps are not impacted by legal actions."

The full results, which the company presented yesterday at the AnDevCon conference for Android developers, found that coders building apps for the open source Android plaform were - perhaps ironically - the least likely to adhere to licence terms, with 27 per cent compliance compared to 32 per cent on Apple's closed source iOS platform.

A more worrying claim is that the study found 'several' apps with extensive end-user licence agreements where the developer takes full credit for the entirety of the software, asserting complete ownership and copyright - despite the use of open source code.

"Mobile applications are going to be the new frontier for open source compliance," Weins claimed. "The lack of awareness and understanding about open source compliance means that any brand or organization creating mobile applications can be at risk. Still, open source compliance need not be difficult. It simply requires understanding all the open source used in your application and ensuring you comply with the requirements of those licenses."

With compliance figures as poor as these, there's little wonder Microsoft wants to dodge the issue by banning GPLv3 and LGPLv3 content from its Windows Phone marketplace.