Open Source in Android Apps: Tips for Becoming a Good Open Source Citizen


Kim Weins' presentation at the 2011 AnDevCon conference

    Presentation Transcript

    • Open Source in Android Apps: Tips for Becoming a Good Open Source Citizen
      • AnDevCon
      • Kim Weins, SVP Marketing, OpenLogic
    • What You’ll Learn
      • How much open source is used in mobile apps?
      • What level of compliance with open source licenses?
      • Why should I be concerned?
      • What should I do about it?
      Copyright OpenLogic 2006
    • About OpenLogic: OpenLogic helps enterprises to successfully and safely acquire, deploy, support and control all of the free and open source software they use.
      • Scanning Tools
      • Open Source Audits
      • Open Source Support
    • Mobile Apps Depend on Open Source: Open Source is Used in 88% of Android Apps & 41% of iOS Apps. Source: OpenLogic Mobile Research 9/2010
    • Mobile Apps Depend on Open Source (diagram of open source projects used in mobile apps: YUI, SQLite, JSON, cocos2d, OpenSSL, ichabber, wz_graphics, Boost, Rhodes, jquery, MWFeedParser, Selenium, PhoneGap)
    • But…
    • Compliance Concern: Mobile Apps Aren’t Consistently Complying with Open Source Licenses
    • Research Methodology
      • Scanned 635 Top Apps with OSS Deep Discovery
        • 123 Android Apps
        • 512 iOS Apps
      • Picked top paid and free apps across categories
      • Identified 68 Apps with GPL, LGPL or Apache
        • 52 with Apache
        • 16 with GPL/LGPL
      • Examined those apps for compliance with key obligations
    • Four Areas of Compliance Analyzed
      • Apache
        • Provide copy of license
        • Notices/Attributions
      • GPL/LGPL
        • Provide copy of license
        • Provide source code
    • Failure to Comply: 71% of Apps using Open Source under GPL, LGPL and Apache do not comply (chart: Comply 29%, Do Not Comply 71%). Source: OpenLogic Mobile Research 3/2011
    • Compliance by Platform: 71% of Apps using Open Source under GPL, LGPL and Apache do not comply (chart: Android 27% Comply, iOS 32% Comply). Source: OpenLogic Mobile Research 3/2011
    • REALLY? Do I need to care?
    • Three Reasons to Comply
      1. It’s the right thing to do
      2. Protect your IP
      3. Money in your pocket
    • It’s The Right Thing to Do: Free software… but please comply
    • Protect your IP: Copyleft open source licenses can impact licensing of your IP
    • Protect your IP (diagram: open source under a “Copyleft” license, linking, your code. Derivative work?) Depends on the license and how you combine the code
    • Money in Your Pocket: Non-compliance can result in:
      • Takedowns
      • Injunctions
      • Lawsuits
      • Legal costs
    • Takedown Requests to Android Market: Feb 2011 = 206 Takedown Requests. Source: Chilling Effects Clearinghouse, Takedown Complaints for Android Market
    • Takedowns: Open Source Copyright Violation. Example of complaint to Google re GPL violation. Source: Chilling Effects Clearinghouse
    • More Than A Theoretical Risk: Legal Action. Free Software Foundation has been active in GPL enforcement. Sources: Ars Technica, cnet, The Inquirer
    • More Than A Theoretical Risk: Bad PR? Sources: Network World; Matthew Garrett, http://www.codon.org.uk/~mjg59/android_tablets/
    • OK, OK. I get it.
    • How to Become A Good Open Source Citizen
      1. Understand open source licensing
      2. Create an open source policy
      3. Track all open source usage
      4. Conduct a scan or audit of your code
      5. Develop a compliance checklist
    • 1. Understand OSS Licensing
      • Official definition of OSS license
        • Approved by the Open Source Initiative (OSI): http://www.opensource.org/
        • Currently over 60 approved licenses
        • Key Criteria
          • Free distribution
          • Source code is available
          • Derived works are allowed
          • Non-discrimination
    • Categorizing Open Source Licenses
      • Category labels on the slide: Liberal; Copyleft; No Strings; Strings Attached; Traditional Open Source; Additional Clauses
      • Licenses listed: MIT/X, Original BSD, GNU GPL, GNU GPL v3, W3C, Apache Software License, GNU LGPL, Common Public License, Eclipse Public License, Mozilla Public License, SISSL, IBM Public License
    • Dependency Issues Impact Licensing
      • OSS often depends on or bundles other OSS
      • Need to look at all the dependencies and bundled projects and their licenses
        • Important: The licenses may not be the same!
      • Example:
        • Geronimo (Apache license) uses MySQL (GPL) through the MySQL driver (formerly LGPL but now GPL)
    • 2. Create an Open Source Policy
      • Things to include
        • Licenses allowed
        • Approval processes
        • Audit and compliance processes
      • Considerations
        • Keep it lightweight
        • Don’t let fear guide you
    • 3. Track all Open Source Usage: Why?
      • Know what you are using
        • Best practices for software asset management
        • Identify opportunities for sharing or savings
        • Find out what open source is being used so you can leverage expertise, support, etc. across teams
      • Legal & compliance
        • Validate that you are complying with licenses
        • Be able to determine impact of license changes
        • Provide an audit trail for regulatory compliance
        • Assess impact of lawsuit or IP infringement
      • Maintenance
        • Be prepared to handle security patches or critical issues
        • Able to plan for maintenance updates
      • Support
        • Understand level of support necessary
        • Share support resources (whether internal or external)
    • 3. Track all Open Source Usage: What?
      • What open source packages are used
      • What versions are used
      • The exact source/object code
      • Where you got it from (source)
      • What license it's under
      • What applications it's used in
      • What machines they are used on
      • What operating system they are used with
      • Whether the project is internal, external or for distribution
      • When distributed and to whom
      • Approval trail – who approved, when approved, for what purpose
    • 4. Conduct a scan or audit of your code
      • Outcome of an OSS audit:
        • List of open source packages
        • List of open source licenses
        • List of license obligations
        • List of licenses that may have conflicting terms
      • Options
        • Scanning tools
        • Manual review
        • Audit services
    • 5. Develop a compliance checklist
      • Create a compliance checklist:
        • Notices in code and/or documentation
        • Source code provided in proper way
        • Is there an EULA for your product?
      • If there are conflicts or compliance is not possible:
        • Can you live without this code?
        • Is there an alternative to the code?
        • Can you contact the author and ask for an exception/different license?
      • Risk management:
        • What is likely to get litigated?
        • What are your sticking points that prevent perfect compliance?
    • Thanks!
      • Slides?
        • www.openlogic.com/downloads
        • www.slideshare.net
      • Learn more
        • www.openlogic.com
      • To receive details of research
        • kim.weins@openlogic.com
      • Follow
        • @openlogic
        • @KimAtOpenLogic