Slashdot Mirror
Android Devices Are Hives of License Violations
inkscapee writes "Android developers are paying little attention to Free/Open Source software licenses and have a 71% violation rate. Come on folks, FOSS licenses are easy to comply with, certainly easier than proprietary software licenses, and less punitive. But it seems even the tiny hoops that FOSS requires are too much for devs eager to cash in."
The article doesn't mention Android separately. It has one set of numbers for both Android and iOS. Exact quote:
A new study from open source services vendor OpenLogic reports that 71 percent of Apple iOS and Google Android apps are not in compliance. OpenLogic scanned 635 apps, including both free and paid on the Apple App store and Google Android Marketplace. Of those 635 scanned apps, 52 apps include Apache licensed code while 16 included GPL/LGPL licensed code.
Who the hell wrote that summary?
It may be 7 digits, but at least it's a semiprime
Wait a minute here, the linked article says "A new study from open source services vendor OpenLogic reports that 71 percent of Apple iOS and Google Android apps are not in compliance." Yet the headline for this story mentions only Android. I understand it's become fashionable to bash Android lately, but this seems a bit egregious. The problem appears to be endemic across all mobile devices.
How does 52 apps out of 635 add up to 71%??
You flag the app, and Google will remove the apps from the android market. Why are Google to blame here? iOS has violations too. http://www.pocketgamer.co.uk/r/iPhone/The+Blocks+Cometh/news.asp?c=26696
Actually I find the Copy left licences have far more demands than any commercial licence. You can spend huge amounts of time figuring out if you can link or not link, how you must publish the code and how you can distribute the application.
With commercial software you are often presented with a library or set of tools you can or can't bundle with your product, past that there is no code to deal with most of the time..
EA David Gardner -"... but the consumers have proven that actually what they want is fun."
I agree with this person's sentiment. It makes me a bad person, but it's at least true. I have found software I wrote with an open source license used with the license stripped. I can't afford an attorney so I use the sour grapes model to get over myself. It works pretty darned good. Lets me get on with life*.
*: your inevitable life joke is hilarious. har.
slashdot: where everyone yells sarcastic metaphors to themselves to understand the issue
Wouldn't jumping through tiny hoops be harder?
Actually I find the Copy left licences have far more demands than any commercial licence. You can spend huge amounts of time figuring out if you can link or not link, how you must publish the code and how you can distribute the application.
As a commercial software developer myself, I'm glad at least one other person on Slashdot understands this!
For some of us, copyleft code is, by far, the most expensive code there is. In fact, it's pretty much poison.
The three layer model used by Creative Commons is a great method of making licenses effective but unintimidating.
Have a look at this relatively burdensome lawyer-readable version:
http://creativecommons.org/licenses/by-nc-nd/3.0/legalcode
and then have a look at the "human-readable" version:
http://creativecommons.org/licenses/by-nc-nd/3.0/
Then concurrent with both of those, there is the machine-readable version, so automation is facilitated.
I understand that more-closed licenses have more particulars, but one would think there could be ways to adopt this general form.
You flag the app, and Google will remove the apps from the android market. Why are Google to blame here? iOS has violations too. http://www.pocketgamer.co.uk/r/iPhone/The+Blocks+Cometh/news.asp?c=26696
Ok, that's one iOS example down, 177,499 to go to equal Android ( at 71% of the 250,000 current iPhone apps).
I retract my previous post. I didn't RTFA, and didn't realize the Summary was misleading.
Sorry, Androids, I apologize. I guess we're ALL in the license-violation-boat together...
Come on folks, FOSS licenses are easy to comply with, certainly easier than proprietary software licenses, and less punitive.
Really? You mean like not only complying with the letter of the license but having to receive all sorts of flak and hatred if you happen to violate all the unwritten rules and the "spirit" of the license? To be honest, it's FAR easier to comply with proprietary licenses because they don't have all the political baggage behind them.
From the press release for the study:
OpenLogic found that among the applications that use the Apache or GPL/LGPL licenses, the compliance rate was only 29%. Android compliance was 27% and iPhone/iOS compliance was 32%. Overall compliance of Android applications using the GPL/LGPL was 0%.
Read the EFF's Fair Use FAQ
Generally, with proprietary licenses: If you have access to the code, you are allowed to use the code however you want. If you don't have any rights to the code, your employer hasn't negotiated a license, and so you will never see the code.
-- 'The' Lord and Master Bitman On High, Master Of All
Well, that was the original intent. RMS envisioned a world in which all software was Free (Libre), and then he thought about how this could be brought about. What he came up with was two-pronged. 1) copyleft 2) write lots of really excellent software, so excellent that people will want to use it even though they know they will get sucked into the copyleft. It appears to be working.
SIGSEGV caught, terminating
wait... not that kind of sig.
I wouldn't go as far as "poison", but the GPL mission is clearly is more important than the efforts of the people who write the GPLed code, ie its aims must win out over the aims and IP of the creative contributors. For example, if I want to make my code easy to use commercially, then using or publishing code under a BSD licence is far easier than GPL. IMHO.
Rgds
Damon
http://m.earth.org.uk/
Because, something like the GPL confers an obligation that your code be under the same license, that you will tell people it is using code under that license, and that you will make the code (and changes made by you) available for a 'reasonable' amount to cover shipping and media (for example).
Taking the code, using it, pretending you never did, and failing to comply with the license is considered to be a breech of the licensing terms.
This is why commercial software companies can find FOSS problematic since your own code can end up being interpreted as needing to be under a free license.
Contrast this with something like th BSD or Apache licenses, which more or less say "have at it", and if you want to bundle it into your app, go ahead.
Lost at C:>. Found at C.
top experts explain as "predictable" open source service provider OpenLogic, charged with ensuring companies remain as terrified as is humanly possible about the threat of cancer-like, communist free software made a daunting proclamation. OpenLogic insists that most, if not every bit of software in the latest trendy open-source ecosystem is rife with non-compliance. this veritable tower of babel may crash down upon those who do not stop to panic long enough to purchase OpenLogic products and services, with disasterous effects that may or may not, kill your cat.
Good people go to bed earlier.
Depends, is the library LGPL'd or GPL'd?
If it's GPL'd, yes. If it's LGPL'd, you only have distribute the source for (and changes to) the library. Think of it by looking (VERY CLOSELY) at glibc and Qt.
Actually I find the Copy left licences have far more demands than any commercial licence. You can spend huge amounts of time figuring out if you can link or not link, how you must publish the code and how you can distribute the application.
As a commercial software developer myself, I'm glad at least one other person on Slashdot understands this!
For some of us, copyleft code is, by far, the most expensive code there is. In fact, it's pretty much poison.
Which was the intent, free to extend, not so free to commercialize. TANSTAAFL
XML is a known as a key material required to create SMD: Software of Mass Destruction
http://encyclopediadramatica.com/Slashdot
boycott slashdot February 10th - 17th check out: altSlashdot.org
You can spend huge amounts of time figuring out if you can link or not link, how you must publish the code and how you can distribute the application.
One guy in the world whom speaks your native language has to do that one time for each version of each license, pretty much.
You can't seriously claim that every time you use a line of BSD'd or GPL'd code, you reread and reanalyze the entire license, even if it hasn't changed?
Also legal jargon is not a strictly interpreted sourcecode. But, none the less, its semi-logical and fairly straightforward. If the GPL mystifies you for a "huge amount of time" then I shiver to imagine how long it takes to figure out a "hello world" (unless you're doing it in intercal or whitespace, etc)
Code that is written under "some random loons license" is probably either very special in which case you don't care how long it takes, or there is a (probably better) BSD and/or GPL version out there to be used.
"Science flies us to the moon. Religion flies us into buildings." - Victor Stenger
Not sure why you're modded Funny because your statement pretty much matches my experience.
I've found commercial licenses far easier to deal with than GPL, and that alone is why our company doesn't bother with anything that has GPL attached to it, its just not worth the effort.
Generally, there are BSD licensed equivilents of the major GPL libraries anyway so why screw with it?
Even Apples licensing is far easier to deal with than GPL, its just a minefield.
I realize I'm picking on GPL, but its true of just about all Copy-left licenses, which are most of the time more restrictive than commercial licenses I've dealt with.
Its sad that its far cheaper overall for our company to pay 100k in licensing fees than to use a copy-left license.
I'm sure I'll get marked as a troll but the reality of it is, copy-left is a fucking pain in the ass unless you are also copy-left. More software isn't than is.
Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
BSD and Apache license are FOSS. FOSS != copyleft
The linked article says "A new study from open source services vendor OpenLogic reports that 71 percent of Apple iOS and Google Android apps are not in compliance." So I guess they ARE saying around 177,500 iOS apps are also offenders.
But I am taking the whole article with some skepticism.
HTC EVO 4G LTE w/ CM 10.2 | NookColor w/ CM 10.2 | Samsung Epic 4G w/ CM 10.1
If you read the article aside from the summary leaving out iOS this is all really an advertisement to sell you a product from OpenLogic called OpenLogic Exchange (OLEX).
http://www.openlogic.com/products/olex.php
This product will certify your source code is compliant after it scans it...
It's pretty simple really.
If it's not yours, you probably should not treat it as such.
Never mind law school. Try making it to kindergarten.
A Pirate and a Puritan look the same on a balance sheet.
The thing about attributions and Apache License are at least part BS. The Apache license (which I just re-read) only requires attributions when a DERIVATIVE work is distributed. In most cases, I'm betting that companies are not distributing derivative works, but the original work. It's a hole in the license, but that't not the user's fault.
"Do no evil, but don't get in the way of letting others do it."
In practice, that is preferable to policing others, yes.
Of course you see "far more demands" in free software licenses than in "any commercial license". After all, while in FLOSS licenses the copyright owners have to specify clearly that you can in fact use, copy,distribute, share, alter and even sell the software while typical proprietary licenses state that you can't do anything at all with them. The latter is pretty clear, while the former may not be to some people.
But nevertheless you are wrong. Typical proprietary software licenses extend for multiple pages, where some pretty outrageous demands are put in place. For example, I've took the time to read a license of a PDF reader that was installed by default on my Android phone and burried in the details it is said that by installing that app I agreed to grant the software distributor or any representative of theirs the right to not only enter my house whenever they see fit but also let them confiscate any electronic device in my house so they can audit them and search for unauthorized copies. I defy you to find any clause in any FLOSS license that imposes any demand which is more outrageous than this.
Slashdot, fix your code or at least hire someone who is competent at it to do it for you.
As a computing professional, I find all of this whining about Free Software license complexity rather embarrassing frankly.
Electronic Arts and Oracle can manage navigating this "quagmire". Why can't you?
One really wonders what an SBA audit of you whiners would turn up.
A Pirate and a Puritan look the same on a balance sheet.
copy-left is a fucking pain in the ass unless you are also copy-left
That's pretty much the point.
Oops, that's ambigious language.
copy-left is a fucking pain in the ass unless you are also copy-left
That's pretty much the intention.
OpenLogic sells a product called the OLEX App Store Edition which provides tooling that can be used by developers to do a self-service scan on their apps prior to submitting to the app store and by app stores to track open source compliance.
I don't doubt that violations are occurring, but I question data when not provided by an independent third party.
If you use a piece of Free Software in your software product and then distribute that product and you fail to follow the license then the folks that wrote that particular piece of software have you by the nuts. You might not like whining, but I can guarantee you that you'll like litigation a lot less. Especially because you will lose, and the penalties for copyright violation are ridiculous (at least in the U.S.). Assuming, of course, that the folks that wrote the Free Software that you "borrowed" actually care, which is probably not the case.
In fact, in this particular case the article is basically about a company that scans people's software for them, finds out if they have any licensing issues, and then offers to help you sort the licensing issues out if they find something bad. It's not really the Free Software developers that are whining. Instead it is a third party that wants you to pay them money to help you sort out a licensing issue on the off chance that the Free Software developers *do* decide to complain. You might not think that this is a service, but your legal counsel probably has a different opinion.
You don't have to use it. Hell, how about you write your own fucking code?
Copyleft code is cheap, if BSD give credit, if GPL make source available for everything. Done and done. None of these cost much money at all.
Experiment: Get two people to read the GPL...
Ask the two people a series of questions relating to what point do they need to share their code even though it is totally unrelated to the GPL work.
When I invoke it from a shell?
When I invoke it from a shared library?
When I invoke it from a library linked to the application?
When I invoke it from a separate shim process using shared memory or domain sockets?
When I interact with something else that invokes it?
Why?
The GPL is unique in that it is a vampire license...Commercial licenses don't work that way...They are coherent and easy to understand.
LGPL is coherent and easy to understand. GPL is hostile to commercial developers as well as other developers who choose to control the terms of their work. I've seen entire open source projects rewritten to work around GPL. It is really a waste of time in my opinion... Commercial developers are the ones with the resources to really contribute to a shared system and make it better... GPL..in many cases... not so much...
Hmm, something's fishy here... oh, wait. I see. It's right there in TFA:
OpenLogic sells a product called the OLEX App Store Edition which provides tooling that can be used by developers to do a self-service scan on their apps prior to submitting to the app store and by app stores to track open source compliance.
How convenient! A one-company study -- using undisclosed methodology -- draws broad and irrational conclusions that suggest that people really need to buy its products and services. Amazing!
2. They offer to sell developers scanning software so devs can make sure their apps are in compliance.
3. PROFIT!?!
Color me skeptical.
Oh really? Can you please tell us what would be the cost of building a product on a proprietary closed-source software program which doesn't grant anyone the right to extend it, let alone commercialize any derivative work?
It appears that you are one of those ignorant FLOSS detractors who tries to bitch that hijacking other people's code is "most expensive" while the alternative is... you investing your own time to fill all the countless man-hours that it took other people to build the software you are trying to sell off as if it was your own? Because you sure can't just pick up, for example, Microsoft Office, tweak it's UI and sell it off as Teckla's Office suite.
Slashdot, fix your code or at least hire someone who is competent at it to do it for you.
One of the jobs of said legal departments is navigating quagmires.
Another job is to avoid creating one. The license bureaucrats will drown you all.
For justice, we must go to Don Corleone
Sure. but unless you're writing your own runtime libraries, you're always going to be relying on the work of others.
Society doesn't advance if we have to reinvent the wheel each time we solve a problem.
There's no -1 for "I don't get it."
Great! So how do you define ownership in such a way that the definition applies to stored data, verbally transmitted data, concepts, names and the like?
Use of the words "good", "bad" or "evil" is almost invariably the result of oversimplification.
As a commercial software developer myself, I'm glad at least one other person on Slashdot understands this!
The reason so few people "understand" it is because it's complete and utter bullshit.
For some of us, copyleft code is, by far, the most expensive code there is. In fact, it's pretty much poison.
No, it's simple. Don't use it. That costs you absoloutely nothing.
SJW n. One who posts facts.
There's a huge difference though. With a proprietary library I pay for a license to use it under certain terms, which was the whole point of buying the license in the first place. With most open source libraries, they are freely offered to me, but with the complicated terms.
Thus if I don't like the open source terms, or if I'm not sure they will fit into my proprietary program, I should buy some code that does (maybe from the OSS author... he or she can relicense), or write my own code.
So if you want to complain about how "expensive" open source libraries are, that simply comes across as whining. They gave me this free code but I can't do what I want with it. Seems like most people who whine about how hard it is to use OSS code in a proprietary project need to just let it go and buy code under a license that fits their needs. If they are going to make money, then why not expect to pay library developers as well.
Comments like this one cause me to desire to release all my code only under the GPL if I was writing a library, just so I can get paid for it when my code is used in a proprietary situation.
Now, if you are an OSS developer using OSS tools and libraries, juggling licenses can get very tricky indeed.
It does not prevent commercial activity, but it does constrain commercial activity and impose legal requirements on adopters.
The average Joe without a massive legal department behind him to keep him honest does face an uphill battle if they chose to use or redistribute FOSS components.
That being said, because I work for one of the worlds largest corporations with a huge legal staff AND quite possibly the single largest corporate contributor to open source, all of my work is based on open frameworks and FOSS. As a result I get to re-use most of the time instead of re-inventing the wheel at every turn. This is the true benefit of open source. The cost however is not trivial, but it is cheaper than reinventing the wheel once you scale it up.
In short, doing it right ain't easy, but it does pay off in the long run.
XML is a known as a key material required to create SMD: Software of Mass Destruction
Why are Google to blame here? iOS has violations too.
Because the licences don't have a clause saying:
5.1 Unless Apple's breaking the licence too, in which case do whatever you like.
Nor (as Slashdot might like) one saying
5.1 Unless you are Google, in which case of course we all know you "do no evil", so do what you like because by definition we mustn't think it's evil.
If Google are distributing it (and they are -- Android Market is owned and operated by Google) then they are most definitely on the hook. The GPL, amongst others, explicitly calls out distributors of software.
It sounds to me as though the the GP finds it difficult to find loopholes in the GPL. That is what takes time.
The only legitimate problems I have come across are grey areas around proprietary plugins and mixing GPL code with proprietary libraries or GPL with open source libraries with GPL incompatible restrictions (e.g. an advertising clause). There is plenty of documentation provided by the FSF (and FAQ and a list of compatible licences) and I doubt there are many legitimate questions to which you cannot get an answer in five minutes.
ON the other hand proprietary licences are not necessarily that straightforward either. What about the cost of tracking licences: QT is per developer, others require a royalty per unit, others per product, so depend on licences for other products in ambiguous ways (e.g. MS .Net Framework license).