Adam Outler · Mar 23, 2014 at 02:00 am

Have You Paid Your Linux Kernel Source License Fee?

256px-License_icon-gpl-4.svgWhen asked for source code, MediaTek asks for money. They literally charge a Licensing Fee to device manufacturers for Linux Kernel source code.

It’s a sad state of affairs when a manufacturer closes off GPL-protected Source Code.  It’s even sadder when they are providing compiled firmware with several severe security vulnerabilities.  It’s sadder even still when they require a license fee.  This is going on right now with MediaTek (MTK), and it’s their standard operating procedure.

2014-03-22

There’s a reason you don’t see many MTK devices in the US and other regions with stricter license enforcement. They are a lawsuit waiting to happen. MTK disrespects not only their users, but every single Linux kernel developer. They do so in the form of a policy requiring a paid “Source Code License,” which is likely the largest load of diarrhea this writer has ever heard of. You see, the Linux Kernel source code is licensed under GPLv2, which absolutely requires that you abide by the terms that include source code release. Failure to abide by the terms legally prevents you from distributing the Linux Kernel at all. Lets take a look at some excerpts:

3.  b) Accompany it with a written offer, valid for at least three years, to give any third party, for a charge no more than your cost of physically performing source distribution, a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; …………….

4. You may not copy, modify, sublicense, or distribute the Program except as expressly provided under this License. ……..

5. You are not required to accept this License, since you have not signed it. However, nothing else grants you permission to modify or distribute the Program or its derivative works……

As developers, we have the ability to take code, recompile it, add features, and fix the security incompetence of manufacturers. Some of MTK’s devices are loaded with broken features such as Bluetooth PAN buffers, and there are dozens of other examples. MTK’s policy is in direct violation of all three of the above points, and its disheartening when you realize that they think they are providing a service to any customer by way of locked down and vulnerable chipsets. The reality of the situation is that MTK owes a copy of the full, buildable source code to each individual who purchases a device with the Linux Kernel, and obliging would only help them fix their broken source.

When source is available, issues are identified, troubleshooted, and patched. Those who are security conscious can get a jump on patching their devices, and those who aren’t can simply wait for the patch to be sent to them. When source is not available, security issues can only be exploited, and patches never make it upstream.


_________
Want something on the XDA Portal? Send us a tip!

Adam Outler

AdamOutler is an editor on XDA-Developers, the largest community for Android users. Electronics Tech/ Developer View AdamOutler's posts and articles here.
GermainZ · Jul 31, 2015 at 01:03 pm · no comments

Optimize Battery Life with This Useful App

Battery life is an important aspect of your smartphone, especially if you use it for more than just calls on the go. Since you're on XDA, you probably do and want to get the most out of your battery. Now, you can't magically expand its size but no matter how much its capacity is, you should make sure it's not draining faster than it should be. Your phone's processor runs at different frequencies when you're using the device. The CPU...

XDA NEWS
Mario Tomás Serrafero · Jul 31, 2015 at 11:00 am · 1 comment

The OnePlus 2 & The Year of Smartphone Compromises

We are very close to entering the last third of 2015, and we have now seen many of the biggest flagship lines issue their latest iterations. Phones like the LG G4 and Galaxy S6 were some of the most anticipated devices in smartphone history, and the hype surrounding the M9 and OnePlus 2 had us discussing for weeks. But for the most part, the awe has vanished.   There is a feeling that virtually all of us at the XDA office...

XDA NEWS
Jimmy McGee · Jul 31, 2015 at 06:00 am · 1 comment

OnePlus 2 Teardown, Major Android Vulnerability – XDA TV

The OnePlus 2 has been officially released. That and much more news is covered by Jordan when he reviews all the important stories from this week. Included in this week's news is the announcement of a serious security vulnerability on Android and be sure to check out the article talking about how easy it is to make your one Xposed Module. That's not all that's covered in today's video! Jordan talks about the other videos released this week on XDA...

XDA NEWS