Mobile Apps and Open Source Compliance: What You Need to Know
The use of mobile apps is exploding, and many mobile apps today use open source software. A recent study by OpenLogic found open source – including many GPL-type licenses – in 88% of Android apps and 41% of iPhone/iPad apps analyzed, yet many app developers and app store owners don't have processes in place to ensure compliance with open source licenses. Non-compliance with open source licenses can lead to lost revenue as well as potential legal action.

This webinar will discuss the key issues associated with mobile apps, app stores, and open source compliance. Attendees will learn about the use of open source software in mobile apps as well as best practices for ensuring that mobile apps and app stores comply with open source licenses. We will also provide an overview of OpenLogic Exchange (OLEX) App Store Edition, which is specifically designed to help app store owners automate open source compliance processes.

Transcript

  • 1. Mobile Apps and Open Source Compliance: What You Need to Know Webinar on October 20, 2010 Presented by Kim Weins, Senior VP of Products and Marketing
  • 2. OpenLogic Company Confidential Mobile Apps and OSS Compliance Why Worry? Compliance Challenges Best Practices Getting Help
  • 3. About OpenLogic: OpenLogic is an open source provider and aggregator. We enable enterprises to successfully and safely acquire, deploy, support and control open source software. Pioneering Achievements: 2006 OXC – OpenLogic Expert Community; 2006 OSS Discovery scanner; 2007 OLEX – SaaS Governance Platform; 2008 OSS Census; 2009 OSS Fulfillment Center; 2010 OSS Deep Discovery scanner. Facts: 12 years in open source; 180 enterprise customers; library of 340,000 open source projects; support for 550+ open source projects; 200+ OXC members.
  • 4. Why Worry?
  • 5. Mobile Apps Come from All Types of Companies
  • 6. Mobile Apps and Distribution: App Developers (Companies or Individuals); App Stores; App Users (diagram arrows labeled "Distribution")
  • 7. OpenLogic Research on Mobile Apps & OSS: Scanned binaries/executables of apps downloaded with OpenLogic scanning tools. Used two techniques for detection: license strings and OSS frameworks. May have more OSS that could be found with other techniques. Access to source code, would likely find more open
  • 8. OpenLogic Research on Mobile Apps & OSS. iPhone/iPad Apps: 364 top apps from iTunes store analyzed; 41% of apps (149) with OSS; 8% of apps (30) with GPL. Android Apps: 90 top apps from Android Marketplace analyzed; 88% of apps (79) with OSS; 3% of apps (2) with GPL.
  • 9. Apps and OSS: Why Worry? GPL in iTunes Store: GNU Go app includes GPL, doesn't comply with terms; FSF says iTunes Store Terms of Service are incompatible with GPL; Apple pulls GNU Go from App Store. Battle for Wesnoth app is GPL: developers comply with terms, but conflicts with EULA; debate in Wesnoth community about providing an exception. GPL in App Store: developer submits app to contest, wins contest; someone notices it is based on GPL app; not in compliance with GPL; app store owner removes app and takes away winnings.
  • 10. Bottom Line: App stores and developers are liable for OSS license compliance. FSF is paying attention to GPL issues and app stores. Expect to see more enforcement actions coming down the pike. App developers and app store owners need to ensure they are complying with OSS licenses.
  • 11. Compliance Challenges
  • 12. Open Source License Complexities: OSS often depends on or bundles other OSS. Need to look at all the dependencies and bundled projects and their licenses. Important: The licenses may not be the same! Example: OSS Package A (BSD License), OSS Package B (MIT License), OSS Package C (GPL License), OSS Package D (LGPL License), File X (Apache License), File Y (Freeware License). Software applications we audit have 3-5x as many OSS licenses as the developers thought.
  • 13. Obligations for OSS: It's Not Just About GPL. General Compliance Obligations; Location of Notice Requirements; Copyright Notices; Warranty Disclaimers; Attributions; Modifications; Provision of Source Code; Protection and Copyleft-"ness"; Endorsement; Product Naming; Organization (Education, Military, etc.); Export.
  • 14. App Store Developer Agreements: App Developers (Companies or Individuals); App Stores; Distribution. Developer agreements may require disclosure of OSS, limits on OSS, and indemnification. But lawsuits will likely follow the money or the brand name!
  • 15. Bottom Line. App Developers: may not realize they are "distributing"; may not realize what OSS they are using; may not comply with OSS licenses. App Stores: app stores take apps from many developers; developer agreements often require the developer to declare OSS used and comply with licenses; despite developer agreements, app store "owners" are also at risk since they distribute and have deep pockets; app store EULAs may conflict with GPL-type licenses; FSF has stated GPL conflicts with iTunes store EULA.
  • 16. Best Practices
  • 17. App Developers. Put in place an open source policy and approval process: provide guidelines for developers & train them; have an approval process. Get a complete picture of what is in your code: thorough tracking by developers; use scanning tools or audit services. Put in place a compliance process: compliance checklist for developers; validation of compliance.
  • 18. App Stores. Realize you are at risk: indemnification in the developer agreement is not sufficient. Determine allowable OSS licenses: evaluate against your EULA and terms of use. Put in place an OSS due diligence process: similar to vetting technical, privacy and security issues; automated scanning of apps; checking against allowed list. Provide OSS guidelines to developers: provide detailed documents and FAQs explaining what the developers should do.
  • 19. Getting Help
  • 20. OpenLogic Offerings that Can Help. Services: App Audit (Bill of Materials, Bill of Licenses); License Obligation Analysis (Obligations and Compliance Checklist); App Certification (certification that App complies with relevant obligations). Scanning and Compliance Solutions: OLEX Enterprise Edition; OLEX App Store Edition.
  • 21. OLEX Enterprise Edition: Open source scanning & compliance solution for app developers. Policies; Approval processes; Scanning; Compliance; Audit trail.
  • 22. OLEX Enterprise Edition
  • 23. OLEX App Store Edition: Open source scanning & compliance solution for App Stores. Self-service compliance portal for developers; App store compliance portal; App Store Integration APIs. Services: Advisory Services; Technical Services (Integration and Customization with the App Store); Developer Support Services; Audit Services.
  • 24. Sample Open Source Scanning Process (flowchart labels): Submission Form: Declare licenses; Developer Scans source code on own system; Developer Downloads Scanner; Scan results; OLEX: Found OSS?; OLEX: Matches declaration?; No OSS: Good to go; No; OLEX: Allowed licenses?; Yes; Compliance process; Yes; Add licenses; No; Yes; No; Fail to developer with report; Developer provides response; OpenLogic verify.
  • 25. Key Benefits of OLEX App Store Edition. Risk reduction: helps app store proprietors do the appropriate level of due diligence to ensure Apps comply with OSS licenses. Minimize delays in acceptance of Apps: self-service, automated processes; integrates into App Store submission process. Maintains code privacy for developer: developer does not need to submit code to the App Store. Expert assistance: provides developers and App Store owners with expertise to help them ensure OSS compliance.
  • 26. Q&A. Email: Kim.weins@openlogic.com; Twitter: @KimAtOpenLogic, @OpenLogic; Facebook: http://on.fb.me/cKmVzK; Web: www.openlogic.com, olex.openlogic.com