Android developers face legal hurdles in license compliance

Developers who make apps for Android have a lot more to worry about than just building great software

Developers who make apps for Android have a lot more to worry about than just building great software.

While Google's Android is offered under the Apache and GPL licenses, the mobile operating system has components referencing 19 open source licenses overall, Black Duck Software executive Peter Vescuso told an audience at LinuxCon in Vancouver.

[ Learn how to manage iPhones, Androids, BlackBerrys, and other smartphones in InfoWorld's 20-page Mobile Management Deep Dive PDF special report. | Keep up on key mobile developments and insights via Twitter and with the Mobile Edge blog and Mobilize newsletter. ]

MORE ON ANDROID: Tips and tricks for protecting Android devices

Even single projects used within Android, like Bionic or WebKit, can have more than a dozen licenses attached to them, some of which may not be certified by the Open Source Initiative. Despite what some people might believe, the obligations spelled out in these open source licenses do not apply to Google alone. Whether you're a device manufacturer or independent developer, compliance challenges must be met.

"The issue with open source software is technical decisions have compliance and legal obligations that you need to be aware of," Vescuso said.

For example, anyone who uses GPL-licensed software and modifies the code is obligated to make those enhancements available to the community. Lawsuits have been filed against retailers who sold DVD players and didn't comply with GPL restrictions. While it's easy to chalk this up to negligence, Vescuso said it's often the basics that people miss.

"My sense is many of the lawsuits in the open source community have been around the most basic compliance," he said. "You change the code, and don't make the source code available."

Black Duck products help manage compliance in open source software environments. And luckily for developers, the Linux Foundation just announced a new specification for tracking license compliance.

The problem could be a big one in the mobile world. Black Duck identified 3,800 new open source mobile projects launched in 2010 alone, and 55 percent of them targeted Android.

It turns out open source developers like Apple too: 39 percent of the new projects are for iOS, the operating system for iPhones and iPads.

Although the iPhone itself includes hundreds of open source components, the operating system itself isn't open source, Vescuso said. The fact that developers are building for the highly popular platform "represents their practicality," he said.

Open source developers have to watch out for roadblocks with Apple, though. GPL-licensed software can't be distributed on the iPhone and iPad App Store, because the GPL disallows additional obligations being placed on software as it travels through the supply chain. Apple violates this by imposing additional terms of service on software offered through the App Store, but it turns out the Android Market does not, making it safer than Apple at least in that respect, Vescuso said.

But ensuring compliance on Android takes research, and it must be treated as a legal and business problem, not just a technical one.

Follow Jon Brodkin on Twitter:

Read more about software

in Network World's Software section.

This story, "Android developers face legal hurdles in license compliance" was originally published by Network World.

Copyright © 2011 IDG Communications, Inc.