App Stores are all the rage these days with companies vying to release their applications ahead of competitors. Not surprisingly, open source components are being used to speed delivery of these applications.  Companies need to ensure their open source usage fits within the requirements of both App Store and open source component licenses.

Companies using open source aren’t complying with licenses
OpenLogic recently released results from a scan and license compliance assessment of 635 leading mobile applications.  Sixty-six applications, just over 10 percent, were found to contain components with an Apache or GPL/LGPL license.  Of these applications, over 70 percent failed to comply with the requirements of the open source license.

OpenLogic’s analysis suggests that companies using open source components in their App Store applications are doing so without fully understanding license implications.

Ignoring license requirements means that App Store providers could pull a company’s application from the App Store, thereby impacting the company’s users and affecting the company’s competitive position.

GPLv2 & Apple App Store license incompatibility an area of concern
Another issue to consider is that Apple’s App Store terms of service are incompatible with the GPLv2 license.  Companies considering using GPLv2 components in their App Store-destined applications should think twice until the incompatibility is resolved.

The GPLv2 doesn’t allow anyone to impose restrictions on GPLv2-licensed code beyond those the original licensor allowed.  The GPLv2 also doesn’t allow restrictions on usage.

The Apple App Store terms of service, on the other hand, do restrict usage to the activities defined in the list of Usage Rules: if an activity does not appear on the list, a user is not allowed to use the App Store application in that way.

In effect, an Apple App Store application which abides by Apple’s terms of service is deemed to be restricting usage and imposing further limitations on usage rights beyond those envisioned by the original licensor of the open source code.

Far from being an abstract example, this situation is precisely why the popular VLC media player was removed from the App Store.

With the vast amount of GPLv2 code available for use, the incompatibility between the App Store terms of service and GPLv2 is a problem in need of a fix.

NetworkWorld author and OuterCurve technical director Stephen Walli proposed a solution that relies on dual licensing of GPLv2 components.  Walli writes:

“This suggests a way for developers that are strong believers in free software to also use the Apple App store as a channel to get their software in front of a larger audience. The project could essentially create a dual licensing scheme using the GPL for its wider audience and a separate Apple App Store distribution license for the executable version and its derivatives that sits on the App Store and that further allows others to use and to publish the binary on the App Store.”

The key challenge with a dual license approach is for GPLv2 licensed open source projects to agree that creating a new App Store friendly license is appropriate. Some developers who believe in the freedoms enabled through the GPLv2 will likely resist supporting a license that restricts user freedoms.  Additionally, open source projects that rely on other third-party open source components would require each third-party project to agree to a dual license, or find a replacement third-party project, before the parent project could use a dual license.

The Apache 2.0 license doesn’t have the same issue as GPLv2 when it comes to Apple’s App Store terms of service, and could become the license of choice for companies seeking to use open source in an Apple App Store application.

Apply sound open source usage principles to App Store apps
Until the GPLv2 and App Store incompatibility is remedied, companies are encouraged to seek legal counsel before using GPLv2 code in their App Store-destined applications.

Additionally, blaming developers, contractors or third-party service providers for improperly using open source software within your company’s App Store application after the fact isn’t a good plan.

Instead, ensure your company has guidelines and approval processes in place, just as you are encouraged to have for using open source within internal projects.  Use a license scanning and governance solution from vendors such as OpenLogic, Black Duck or Protecode to validate that projects are adhering to your company’s open source usage guidelines.

Follow me on Twitter at SavioRodrigues. I should state: “The postings on this site are my own and don’t necessarily represent IBM’s positions, strategies, or opinions.”