OpenLogic survey: 71% mobile apps with FOSS code do not comply
OpenLogic has announced the results of a survey of iOS and Android applications which checked for licence compliance. It found that of the applications which used open source or free software, over 71 per cent were not, apparently, in compliance with the terms of the licence for that code.
The survey used OpenLogic's binary scanning tools to detect the use of open source or free software code in applications; the company then attempted to establish whether the makers of the applications were complying with whichever licences were in use. In the case of Apache licensed code, they checked that the licence and notice of use were displayed somewhere within the applications, and for GPL/LGPL licensed code they checked that the source code was being provided in some way and that the licence was retained.
The company scanned 635 applications in all using its OSS Deep Discovery tool and, to avoid skewing the sample, selected the candidate applications from the "Top 10s" in the app store categories, from the top 20 companies of the US Fortune 500, or from those which were featured in advertising. Of the 635 applications, 66 applications were found to have Apache or GPL/LGPL licensed code in them. It was in this set of 66 applications that 71% were found to be not in compliance with the licences of the code they used.
Breaking the numbers down further, among the applications using Apache or GPL/LGPL, the rate of compliance on Android was 27% whilst on iPhone/iOS it was 32%. More surprisingly, on Android applications using the GPL/LGPL, OpenLogic found a 0% compliance rate.
OpenLogic's Kim Weins told The H that the company had taken "a very conservative approach for this research in order to avoid over-reporting non-compliance". For example, matches for the GPL on jQuery were excluded as jQuery is dual-licensed under the GPL or MIT licences. The compliance checking itself was done manually; in the case of GPL licences, for example, it involved looking for an offer of source code, the licence text itself and any related notices, and checking the vendor's site for similar offerings.
Weins said that OpenLogic were taking no position on the question of whether Apple's App Store was compatible with GPL/LGPL licences, focussing instead on the better understood obligations from the licences. It did find, though, that 14 of the applications in the iTunes store used GPL/LGPL. OpenLogic are not naming the non-compliant applications at this time, but the findings do appear to support the need for tools like its licence analysis and management applications.