+ + Apps, App Stores, and Open Source. End-to-End Open Source Management. Enabling Successful and Safe Open Source Adoption At 300+ Enterprises

(1)

Apps, App Stores,

and Open Source

Jilayne Lovejoy

Corporate Counsel

LinuxCon - August 2012

End-to-End Open Source Management

Enabling Successful and Safe Open Source Adoption

At 300+ Enterprises

Software

+

Support

+

Services

(2)

Apps and App Stores - everyone’s gotta have one

From the

Wall Street Journal

(3)

Compliance actions?

OpenLogic 2011 Mobile Apps Research

£

Scanned 635 Top Apps with OSS Deep Discovery

–

123 Android Apps

–

512 iOS Apps

£

Picked top paid and free apps across various

Provide copy of license

Notices/Attributions

Provide copy of license

Provide source code

Compliance breakdown

71% of Apps

using open

source

under GPL,

LGPL

and Apache

do not comply

Source: OpenLogic Mobile Research 3/2011

Do Not

Comply

71%

In

Complance

29%

(5)

2012 Mobile Apps Research Update

£

Looked at currently available versions of the same

apps that had contained OSS under Apache, GPL

or LGPL from 2011 research

–

Apps may or may not have been updated since

2011

–

Apps that were no longer available were not

counted in terms of compliance

£

Scanned currently available apps

£

Examined these apps for compliance with key

obligations

£

Compared results to 2011 research

2012 Mobile Apps Research Update

Do Not

Comply

38.3%

App Obsolete

3.3%

No

Compliance

Violation

58.3%

38.3%

of Apps

using open

source

under GPL,

LGPL

and Apache

do not comply

(6)

No compliance violations?

Do Not

Comply

38.30%

App Obsolete

3.30%

No compliance

violations:

removed FOSS

53.30%

No compliance

violations: fixed

violation

5.00%

No

Compliance

Violations

58.30%

(7)

Who is responsible for open source

license compliance?

(who distributes?)

App Developers?

App Store?

(8)

App Developers

£

“Distributes” app to app store

à

therefore must comply with

licenses for any open source

software included in the app

£

Challenges to compliance?

–

Lack of awareness or open source

policy/tracking

–

Where to put attribution notices

–

How/where to provide source code

–

Agrees to app store’s developer

terms (which may have restrictions)

Developer terms

OPEN

SOURCE

OPEN

(9)

Risk to App Developer?

£

Legal

–

Contractual agreement with app store

–

£

Practical/Business

–

Loss of $$

–

Loss of choice of distribution channels

–

Reputation

–

Less freedom in development process

App Stores

£

“Distributes” app to end-user

à

therefore must comply with

licenses for any open source

software included in the app

£

Challenges to compliance?

–

Did developer comply?

•

Attribution notices

•

Provide source code

–

Volume of apps

–

End-user agreement has

restrictions that are incompatible

with open source licenses

(10)

App Store End User License Agreements

£

Android Market Terms of Service

–

Sec 4.2 Some components of Products (whether

developed by Google or third parties) may also be

governed by applicable open source software licenses.

In the event of a conflict between the Terms and any

such licenses, the open source software licenses shall

prevail with respect to those components.

£

If Apple has added something like this to the

iTunes terms of service, would that have been

enough?

App Stores – DMCA safe harbor?

£

Congress sought to balance rights of copyright holders and liability of

service providers

£

Limits liability for copyright infringement for certain service providers or

activities

–

Bars money damages and limits injunctive relief

£

Is an app store “a provider of online services or network access, or the

operator of facilities therefor”? (17 U.S.C. § 512 (k)(1)(B)

£

If falls under DMCA protection, then must show:

–

No actual knowledge or awareness of facts or circumstances from which

infringing activity would be apparent

–

Expeditious response to remove infringing material once has knowledge

or notice

–

Does not receive financial benefit directly attributable to infringing activity

(11)

Risk to App Store?

£

Legal

–

£

Practical/Business

–

Loss of $$

–

Loss of choice of apps

(12)

FOSS-friendly App Store?

£

Should an app store allow open source software in apps?

–

Should an app store restrict certain licenses?

£

How can an app store encourage compliance by developers?

£

Should an app store make compliance a requirement (and check)?

–

Ask for a BOM as a requirement for submitting an app?

–

Check for actual compliance?

–

Provide a central repository for source code?

–

Scan every app before it’s accepted?

£

Should app stores take a more active role in education and outreach

around compliance?

£

What else could app stores do to encourage, facilitate, and

(13)

Questions?

[email protected]

This work is licensed under the Creative

Commons Attribution 3.0 Unported License.

To view a copy of this license, visit:

+ + Apps, App Stores, and Open Source. End-to-End Open Source Management. Enabling Successful and Safe Open Source Adoption At 300+ Enterprises

Apps, App Stores,

From the

categories

Provide copy of license

2012 Mobile Apps Research Update

Scanned currently available apps

No compliance violations?

App Developers

Agrees to app store’s developer

Reputation

Volume of apps

developed by Google or third parties) may also be

iTunes terms of service, would that have been

Is an app store “a provider of online services or network access, or the

Risk to App Store?

Should an app store restrict certain licenses?

Should app stores take a more active role in education and outreach

http://creativecommons.org/licenses/by/3.0/