How to avoid public GPL floggings on Apple's App Store

How to avoid public GPL floggings on Apple's App Store

Summary: Publishing your source may not be enough to comply with Open Source licenses like the GPL.

SHARE:

Publishing your source may not be enough to comply with Open Source licenses like the GPL. In the sad case of VLC for iOS, a licensing conflict created an untenable situation that required it be pulled from the App Store.

It is often said that no good deed goes unpunished. Unfortunately even with the best of intents, particularly as it relates to releasing Open Source Software, it is possible to run far afield of GPL and FOSS kashruth even if you think you are following the rules to the best of your ability.

Such was the case of the iOS port of the popular free VLC Player application produced by French software developer Applidium.

VLC Player for iOS was distributed on Apple's App Store until it was determined that the very distribution of the software itself which used components licensed under the terms of GNU General Public License version 2 was incompatible with the software distribution Terms of Service of the App Store.

Got that? Farshteyn? Okay, great.

Just over a year ago, I discussed the implications for consumer electronics manufacturers which used GPL and other Open Source components that did not make their source code and changes to those components freely available, and how these situations could be avoided in the future.

Since the widely-publicized lawsuits from the Software Freedom Law Center (SFLC) from late 2009, there has been very little if any public flogging of large entities that manufacture and distribute consumer electronics which did not publish their GPL code.

That lesson it seems has been learned. Fortunately for the named parties in those lawsuits, the GPL has yet to face a scenario in which it has had to be tested in court. So far, such as with the Verizon case from 2008 all of these to date have been settled amicably, and out of court.

But if you develop using Open Source code which uses GPL-Licensed components, just publishing your source may not be enough to keep you out of trouble.

Also Read: How to avoid modern day public GPL floggings (2009)

In the case of Applidium, which created the iOS port of the popular VLC Media Player of which the source originated from Videolan.org, it fully published all of its modified source code. However, what it did not do was understand how the Terms of Service of Apple's App Store violated the very nature of the GPL version 2.

In other words, if you develop software which uses GPLv2 components which you do not have the exclusive copyrights to but the distribution of said software on an App Store such as Apple's has additional terms and conditions imposed on it, that may prohibit you from distributing that software using that model in the first place.

Applidium's VLC Player could have been distributed on Apple's App Store for a very long time and even escaped this scrutiny had not a single developer/contributor on the VLC project, Rémi Denis-Courmont lodged a formal complaint requesting that it be removed.

As my ZDNet Open Source colleague Steven J. Vaughan-Nichols put it, this was a "Don't Ask, Don't Tell" type of situation. The VLC project was well aware of the GPLv2 violation, entities within Apple may have also been aware of it and yet nobody decided to make a fuss about it.

So a little cheese found its way onto the pastrami on rye Applidium VLC sandwich. No biggie. They made a Reuben.

Also Read: No GPL Apps for Apple's App Store

But the moment Denis-Courmont lodged his complaint about Applidium combining milk and meat in the same meal, it was all over. After several months of Talmudic deliberation on the matter, Apple finally removed the software. The deli was closed.

[Next: You don't mix milk and meat!]»

Specifically, Denis-Courmont's complaint was that the product usage rules of the App Store -- one of which deals with the application of Digital Rights Management on all products distributed on the store -- are in violation of the terms of the GPLv2.

As far as 3rd-party ports popular and well-known GPLv2 projects such as VideoLAN and VLC are concerned, the case is open and shut. These applications can never be distributed under Apple's current App Store Terms of Service if they are ported. Trayf!

[EDIT: It has been pointed out to me that the distribution of OpenJDK/Oracle Java on the Mac App Store could be problematic as it is GPL-licensed. However, since Oracle owns all the copyrights to Java and would give permission to Apple to distribute, it's not an issue.]

While nothing should stop you from distributing ported GPLv2 iOS source code and running it on a "Jailbroken" iOS device (such as with Cydia) distribution of GPLv2 material via Apple's official channels is a non-starter. Period.

Clearly, what happened on Apple's end was a result of a shortcoming in their due diligence process which failed to recognize that GPLv2 software had been submitted, and the software should never have been approved in the first place. The Mashgiach slipped up.

However, I don't want to assign much blame to Apple here, because the infrastructure and know-how may not have been in place at Apple to do the code review to determine that VLC for iOS was GPLv2 software.

We also have to understand that thousands of applications are submitted to the App Store every month, and one must assume that due diligence on code review requires a substantial effort and details are inevitably going to be missed.

The obvious retort to this is "Oy, everyone knows VLC is GPLv2" but we're talking about two entirely different cultures here, that of Apple's ecosystem and that of Free and Open Source Software.

Apple's App Store reviewers weren't explicitly looking for GPLv2 components. They look for things like porn and clearly adult material, undocumented APIs and use of non-native external libraries and programming languages like Java and Flash that violate the Software Developer agreement, as well as various other criteria such as UI deficiencies and duplication of functionality issues that would constitute an immediate rejection.

Well, we can now add GPLv2 software to that list. But the chicken soup gets a bit murky from here.

So we know that big projects like VLC are obviously GPLv2. But what about all the little games and utilities and even major applications that may be sitting in the App Store which might utilize some third-party GPLv2 code? There could be dozens, if not hundreds, or maybe even thousands of these things sitting there.

Many of these will probably go unrecognized, but it's possible that Apple may start enlisting the services of Open Source code auditing firms like Black Duck or OpenLogic to determine if any actual cut and pasting of GPLv2 code has occurred. And when those apps are found, they'll be removed until those GPLv2 bits are replaced with bits that aren't GPLv2.

If you develop software for Apple's App Store, which now also includes the Macintosh platform, then you are obligated to do a preliminary code review yourself and be absolutely sure you aren't using any GPLv2 components you don't have the exclusive copyrights to before you submit an application for electronic distribution.

Otherwise you might find yourself having to re-write thousands of lines of code, or even worse, become subject to public floggings by groups such as the SFLC and incurring significant legal costs. Oy vey.

These things aren't just Apple-specific either. Other platforms with similar types of App Stores, such as Google's Android Market, the RIM BlackBerry App World, Microsoft's Windows 7 Phone and Amazon's upcoming 3rd-party App Store for Android have Terms of Service which may very well impact the use of GPLv2 and other FOSS-licensed software components.

With the yanking of Applidium's VLC port for iOS setting an unfortunate precendent, it is an absolute requirement now that all of these software distribution Terms of Service of these new app stores be reviewed by appropriate legal professionals to determine how and if Open Source software can be distributed without running into these kinds of problems in the future.

Will we see more GPLv2 applications removed from App Stores in the future? Talk Back and Let Me Know.

Topics: Android, Apple, Google, iPhone, iPad, Mobility, Open Source, Software

About

Jason Perlow, Sr. Technology Editor at ZDNet, is a technologist with over two decades of experience integrating large heterogeneous multi-vendor computing environments in Fortune 500 companies. Jason is currently a Partner Technology Strategist with Microsoft Corp. His expressed views do not necessarily represent those of his employer.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

69 comments
Log in or register to join the discussion
  • RE: How to avoid modern day public GPL floggings, part deux

    I wonder how this precedent will tie in with Oracle's case against Google abusing Sun's JVM software license with Dalvik.

    It will give them more ammunition I would imagine.
    alsobannedfromzdnet
    • RE: How to avoid modern day public GPL floggings, part deux

      @alsobannedfromzdnet Doubtful. Dalvik was developed using the Apache software license and software from the Apache Harmony Project. Totally different animal.
      jperlow
      • In this case, the problem is Apples Store TOS

        Not so much GPL, GPL was made to insure it is always free for whom ever uses it. Apple's Store TOS wants to make every cent possible, so it put those limitations in place.

        What is true, is you can't have a FREE environment within Apple's wall garden.

        Another draw back for Apple from my perspective, and a very fundamental reason to avoid it.
        Uralbas
      • Java is GPL .... you can't change the license because of convenience

        @jperlow Oracle already showed code that was copied and refactored (ie: names were changed, but the code followed the exact same logic and order).

        Unlike SCO, Oracle is very likely to have a very strong case against Google. Not only did they have test files that are the exact match in logical functionality and code order, but also Dalvik REQUIRES a the Sun Java SDK to work.
        wackoae
      • You can't simply Change GPL to Apache

        @jperlow

        Personally GPL is as close to the devil as you can get but ...
        Bruizer
      • RE: How to avoid modern day public GPL floggings, part deux

        @wackoae

        They clearly shipped decompiled testcode, but that's not code used in the Android OS/cell phones. The fact that the SDK runs ontop of the JDK means nothing and Harmoney it self was created by IBM, a hotspot (JAVA) contributer as java isn't some walled of product. Java would be nothing without the community that has contributed to it and it's standards.
        Penti
      • RE: How to avoid modern day public GPL floggings, part deux

        @wackoae: They showed a few classes and interfaces that are part of the standard implementation. If you're using the same exact naming conventions, and you're striving for the ability to compile one into the other there are going to be parallels. Furthermore, much of that sourcecode is already publicly available under GPLv2 in OpenJDK...
        snoop0x7b
    • RE: How to avoid modern day public GPL floggings, part deux

      @alsobannedfromzdnet Probably not at all... They're separate pieces of software, separate licensing issues and a separate dispute.
      snoop0x7b
  • So...

    The FOSS folks now have a reason to cast Apple into the eternal flames of "How dare they not fall down and worship Stallman?" <img border="0" src="http://www.cnet.com/i/mb/emoticons/happy.gif" alt="happy"><br><br>And Apple has yet another "shot ourselves in the foot" with a flamethrower...

    You know, I just can't see a downside here!
    wolf_z
  • I don't understand why people are making such a fuss about this?

    Apple was asked to remove the app, they complied. Quickly. Apple did the right thing here.

    But why are people making such a huge fuss about whether or not GPL code should (or shouldn't) be allowed in these application storefronts? These application authors, should they choose to distribute their apps in such a way, have a [b]very[/b] easy way to do so: [b]don't use GPL code in their apps!![/b]

    We have been given the alternative I bolded above for years now. Over and over and over and over and over again, we were told that GPL gave everyone a [b]very[/b] easy way out. If you don't want to abide by GPL, don't use GPL code. I don't understand what is so complicated about this?

    [i]then you are obligated to do a preliminary code review yourself and be absolutely sure you aren?t using any GPLv2 components before you submit an application for electronic distribution.[/i]

    Exactly right. Your other option is to yank your app from any application store front that has a licensing agreement not compatible with GPL. How is this difficult or onerous on [b]anybody[/b]?
    NonZealot
    • RE: How to avoid modern day public GPL floggings, part deux

      @NonZealot
      Your history is known on ZDNET, you are not to be trusted with anything you write. The bold typing a little too much.
      choyongpil
      • RE: How to avoid modern day public GPL floggings, part deux

        @choyongpil NonZealot's right. He doesn't like Apple 90% of the time, but he defended them this time, and was absolutely correct.
        snoop0x7b
  • From where I sit

    Apple can do whatever they want.
    Their actions don't affect me and never will.

    So, this story is somewhat of a non event in the GNU/Linux world.
    Apple Folks tired of control issues?
    Come take a walk on the wild side. Try Linux and regain your Freedom.
    Dietrich T. Schmitz, ~ Your Linux Advocate
    • RE: How to avoid modern day public GPL floggings, part deux

      @Dietrich T. Schmitz, Your Linux Advocate

      So how's all that stuff based on Webkit treating you?
      alsobannedfromzdnet
      • RE: How to avoid modern day public GPL floggings, part deux

        @alsobannedfromzdnet

        It's doing fine. Considering that Webkit is a fork of KHTML which FORCED Apple to comply with the GPL otherwise they would have just ripped off the Open Source code without giving back to the community that made it possible.
        Discourselives
      • Remember

        @alsobannedfromzdnet

        As another poster put it, Apple 'borrowed' the basis of Webkit (KHTML) from the Linux/FOSS ecosystem to begin with. Specifically from the KDE folks. Apple must have mistakenly thought it was like all of that BSD code they took and used. Fortunately they were reminded that they were building on the GPL'd work of others.

        I agree with Dietrich. I have no need of Apple or their walled-garden control-ware crap.

        Have a nice day iTools.
        Tim Patterson
      • RE: How to avoid modern day public GPL floggings, part deux

        @alsobannedfromzdnet You mean KHTML which Apple appropriated to become webkit? Apple was obligated to release webkit as GPL because they appropriated KHTML's sourcecode to make safari.

        Quite frankly, they've done a poor job of publishing changes. It took them several months and a reminder from the KDE project to begin publishing webkit in the first place, and the publication schedule for the sourcecode is such that most of their fixes couldn't be used in Konqueror anyhow.
        snoop0x7b
    • Isn't Linux GPL?

      @Dietrich T. Schmitz, Your Linux Advocate

      This is all about the evils of GPL and the full loss of freedom if your are naive enough to use it.
      Bruizer
      • Nonsense, and You Know It

        @Bruizer
        The GPL forbids the "loss of freedom" for recipients of program released under it. The whole purpose of it is to have one and only one restriction, and that is to put no other restrictions on it. The only reason that it cannot be distributed via the Apple AppStore is that the AppStore places additional restrictions on programs released through it, and you can't do that with GPL software.

        Complaining about a "loss of freedom" with the GPL is like complaining about not being "free" to build fences in public areas of state parks. If you want a wooded, fenced area, then you are free to purchase your own land and create one yourself.
        CFWhitman
    • RE: How to avoid modern day public GPL floggings, part deux

      @Dietrich T. Schmitz, Your Linux Advocate

      "Their actions don't affect me and never will."

      Obviously it HAS affected you very badly, enough for you to come here and whine about. If it truly did not affect you, then you would not even be here and reading this.

      So you are admitting, that you are just here to troll ???
      Aussie_Troll