OpenLogic Code Scan Shows Increased Open-Source License Compliance Among Mobile Developers

 
 
By Darryl K. Taft  |  Posted 2012-08-21 Email Print this article Print
 
 
 
 
 
 
 

OpenLogic announced that a recent code scan of 66 leading mobile apps showed that mobile app developers are increasingly complying with open-source licenses.

OpenLogic, a provider of open-source scanners, open-source governance solutions and community-backed open-source support for the data center and the cloud, said it has seen an increase in open-source license compliance among mobile apps.

OpenLogic announced the results of a source-code scan and license compliance assessment of 66 leading mobile applications containing open-source software, showing that the majority (58.3  percent) of mobile apps scanned are not in violation of open-source licenses. The 58.3 percent is up from 29 percent last year.

OpenLogic's mobile application research began in 2011, when the company scanned 635 of the most popular iOS and Android applications, identifying 66 apps that contained Apache, GPL or LPGL licenses. Of those 66 applications, the majority (71 percent) failed to comply with four key license obligations. OpenLogic attributed these numbers to the GPL and LGPL license requirements to provide source code or an offer to get the source code and to provide a copy of the license, as well as to the Apache license requirements to provide a copy of the license and provide notices and attributions. In some cases, applications that violate open-source license requirements may be subject to legal action and removal from app stores.

Now OpenLogic is announcing the 2012 update to that mobile app research. In 2012, OpenLogic scanned the latest versions of the same 66 applications to study how compliance rates had changed. The new scan found that the number of applications still in violation of open licensing requirements had dropped to 38.3 percent from 71 percent in 2011.

"We are pleased to see that the majority of apps that violated open-source licenses last year are no longer in violation, demonstrating that companies and developers are increasingly aware of the compliance issue and playing by the open-source rules," said Rod Cope, CTO and founder of OpenLogic, in a statement. "A simple source-code scan quickly gives companies the information they need to understand license compliance, as well as the knowledge required to map out the ideal code governance strategy for their mobile app. Ripping out open-source code is not the best approach, but understanding and following license compliance is."

OpenLogic officials said 5 percent of those mobile apps scanned in 2012 achieved compliance by adding an offer for source code or a copy of the license. However, most of the apps--53.3 percent--solved the issue by removing the noncompliant open-source components altogether. Meanwhile, OpenLogic said 3.3 percent of the apps are obsolete and no longer available in the Apple or Android app stores.

Jilayne Lovejoy, corporate counsel at OpenLogic, will speak about this topic as well as participate in a panel about SPDX at the LinuxCon conference Aug. 29-31 in San Diego.

OpenLogic scanned the 66 mobile applications using its source-code scanner, OSS Deep Discovery, which quickly scans software to identify open-source components-even snippets of code that might be copied from open-source projects, and even in cases where the source code has been deliberately changed to hide the origin. Open-source-code scanning is growing in popularity, with OpenLogic recently reporting that OSS Deep Discovery saw a more than a 730 percent increase in the number of files scanned in Q1 2012 over the same period in 2011.

 
 
 
 
Darryl K. Taft covers the development tools and developer-related issues beat from his office in Baltimore. He has more than 10 years of experience in the business and is always looking for the next scoop. Taft is a member of the Association for Computing Machinery (ACM) and was named 'one of the most active middleware reporters in the world' by The Middleware Co. He also has his own card in the 'Who's Who in Enterprise Java' deck.
 
 
 
 
 
 
 

Submit a Comment

Loading Comments...
 
Manage your Newsletters: Login   Register My Newsletters























 
 
 
 
 
 
 
 
 
 
 
Rocket Fuel