In the rush to take advantage of the boom in the
apps market, developers may have–consciously or not–overlooked the fact that
some of the software building blocks they were using to create apps were
governed by their own license restrictions, which may have been violated by the
developers. A recent report published by
OpenLogic found that 7 out of 10 apps that contained open source software were
in severe breach of the open source license requirements. OpenLogic reviewed 635 leading mobile Apple
iOS and Google Android apps in a license compliance assessment. The results show that about 10 percent of the
apps contained code that was subject to an open source license (either the
General Public License, Lesser General Public License (GLP/LGPL) or Apache license),
and over 70% percent of these were apparently using the open source code in a
manner that violated key obligations required by the open source licenses.
While certain of the violations found by OpenLogic related to requirements for
attribution and/or provision of copies of the underlying open source license
with the new works, in certain instances some of the apps may have required the
developers to provide the source code for the app itself (that is, the open
source code caused the app to go "viral"). OpenLogic did not identify specific apps in
its review but states that it targeted the "top paid and free apps for
iPad, iPhone and Android across a variety of categories," including apps
from the top 20 companies in the Fortune 500.
The apps at issue included banking, sports and game applications, as
well as apps from household brands and media organizations. Perhaps this result
isn't surprising. Many developers–and
the publishers that retain them–often don't have a complete understanding of
the open source license requirements and how they may impact the actual use of
the code in a specific app. Other
confusion may arise from the proliferation of outsourcing or the inadvertent
bundling of original source code with protected source code. Even when developers were aware that their
app contained open source, the End User License Agreements or documentation
accompanying the apps may not have been properly drafted to fully comply with
the open source license requirements. It is unclear what the ultimate impact of
these findings will be. Violation of an
open source license can form the basis of a copyright infringement claim
(exposing the entity using the code to statutory damages, as well as the
possibility of an injunction). Jacobsen v Katzer, an open source copyright infringement case, established that
violators of open source software may be subject to claims under copyright law,
including statutory damages up to $150,000 per infringing work and injunctive
relief. Injunctive relief was granted in
Software Freedom Conservancy, Inc. and Erik Anderson v Best Buy Co., Inc. et al., a case where the defendant allegedly sold and distributed electronic
products embedded with firmware that contained either a copy or derivative work
of the plaintiff's open source software, BusyBox, without complying with the
open source license. In addition to
awarding treble statutory damages ($90,000) for willful copyright infringement
and attorneys' fees and costs, the court entered a permanent injunction against
the defendant prohibiting distribution of its infringing HDTVs and ordered the
forfeit of infringing HDTVs in its possession to the plaintiff, to be donated
to charity. While it is difficult to assess the litigation risk in the app
space, a more critical concern for commercial application developers is the
potential diminution of value that might result from the use of open source
code (i.e. non-proprietary components) that might be included in their
apps. Strategic partners or potential
acquirers might become concerned about hidden claims (either with respect to
ownership of the app or for violation of an open source license). Prudence would seem to compel developers and
publishers to carefully scrutinize the code being incorporated into
newly-developed apps and gain mastery over any open source license
requirements.