GPL License Controversy, Once More
Here at XDA we don’t just value Open Source, we thrive on it. The fact that Android was openly distributed in its entirety was key for our community’s growth, and without that particular development we would not be here now in this way. We have over 6 million registered members, and we are visited by huge amounts of guests as well. Almost half a million of our users are active and tens of thousands are on our forums every second discussing technology. As far as internet communities go, we are one of the biggest out there and this is thanks to our contributions to software be it through code, design or feedback. XDA is the go-to source for solutions and guides as well as project development and advise for people who love mobile operating systems – be it because of work or play – from all over the world. This all makes for not just one of the largest, but also most diverse yet coherent and focused internet communities of all time. And in the end, all of this pivots around free access to the software we build upon and discuss.
In this sense, open-source licenses like Apache and GPL are our scythe and hammer (ideologies aside), for they not only represent what we stand for with our philosophy of openness and participation but also act as our tools towards achieving our goals and our progress. And it’s a great deal for all of us, because they don’t really ask that much from us in the first place!
Free as in Freedom
GPL stands for General Public License, and it is a free software license that guarantees developers, OEMs and users to have unlimited access to the foundations and functionally of the covered software. Those who get their hands on GPL software can study it, share it, copy it, or modify it, as well as redistribute their tinkering. We’ve discussed the GPL license countless times, as it is a necessity for us to inform our community of its existence and its terms. Our GPL Policy exists not just to make sure that they license is withheld, but also to encourage and foment a better development environment and ensure progress. And this is a fair procedure for all developers, because GPL doesn’t ask for much in return – simply to show compliance with a handful of terms that take no effort nor capital.
There’s countless resources at XDA going in-depth on this topic, and many reading this are probably familiar with it; so to summarize, those who want to redistribute software based on GPL-licensed code have to provide the sources used to compile the software; and they must make them available immediately upon distribution, with documentation that it is GPL-licensed code so that those who further modify the code have to abide too. For noncommercial distributions, there’s two ways to distribute GPLv2 software and its sources. GPLv2 clearly states them as:
a) Accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or,
b) Accompany it with a written offer, valid for at least three years, to give any third party, for a charge no more than your cost of physically performing source distribution, a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange
Given that sources can be distributed over the internet for virtually no cost, it would make little sense for someone not to comply with these terms. After all, if you are distributing a software product, you already have the code finished, or else you’d be breaking causality and that’d be no good. Uploading the sources online for people to use is nothing more than a few clicks of a hassle, and considering the license is adjudicable by Law, it’s always in one’s best interest to do this, right…?
Android Kernels and GPLv2
The reason as to why GPL is so important is Android’s kernel being based on the fundamental work of Linus Torvalds, the Linux kernel, that is a quintessential component of the operating system. Android simply won’t boot without it, for obvious reasons, but there’s importance to it because of more than that. The Linux Kernel was made open source under GPL for all to use, share and modify. Since Android runs on a modified version of this kernel, the previously stated terms imbue it with GPL licensing as well. The rest of Android, namely the framework, is covered on Apache licensing, but the GPLv2 nature of the Android kernel makes it a very important aspect of the open-source community as all future modifications have to comply with the terms as well, and also be open to redistribution and modification – under GPL, which rekindles the cycle over and over.
Knowing these terms, it’s easy to see why it is so important for a kernel in particular to be open source: the kernel handles the interactions between hardware and software, and can potentially get access to your phone’s resources in a pinch. Opening up the kernel’s guts for everyone to inspect and review can help make sure that there’s nothing shady going on behind the scenes. This last bit is particularly concerning in this day and age where internet security is touted to be a priority yet data mining and information sales are common practice. Other than that, the distribution of GPLv2 licensed sources help developer communities like the one found here at XDA, as it allows our devs to further modify and tweak the operating system and take it to wherever they want to take it.
While we try to get our developers to follow these guidelines, the enterprise role-models of the corporate world do not always give us a good example to follow. This is not a new problem, and it is not an easy one either. There’s been countless cases and plenty of documented controversy on this subject. The smaller manufacturers whose brands are not as well-known are the ones who can easily slip by the legal system or general consensus. For years there were efforts to try and put these cases under light for the world to see and take action, but there was not much of an effect. Take Matthew Garrett’s case, for example – this “kernel hacker” has looked at GPL compliance cases of consumer devices for years and has been met with little feedback or recognition. In an internet journal post he writes:
“Fusion Garage, on the other hand, are still failing to provide source and seem entirely unconcerned about it – they’ve failed to respond to any of my emails since the first. Augen aren’t providing source because they can’t, while Fusion Garage aren’t providing source because they won’t. Irked by this, I’ve decided to try Don Marti’s suggestion and file a case with US Customs. I’ll admit that I have absolutely no idea how seriously these cases get taken, and so I’ve no great expectation of any sort of interesting outcome”
The case was indeed filed and it did end successfully with this company having released the source code. It did, however, take several months for the issue to get resolved with this smaller OEM. The fact of the matter is that this encounter was probably time-consuming, exhausting and must have taken capital resources. The same GPL advocate compiled a list of tablets that showed which ones infringed GPL in 2011, and as you can see, it is quite extensive, with culprits across the board. This goes to show that GPL infringement is widespread, common, and despite how obvious it is to see if there’s someone breaking the terms, most of the time action against it is either slow to follow, tedious or downright non-existent.
While the list of lesser-named tablets is an indicator of how widespread of a phenomenon it is, it’s not just small companies doing it (and getting away with it) either. A month ago we had reported about Xiaomi’s particular case, which served as a clear sign that even the biggest dogs in the industry expect crime to pay. This particular company is profiting off Android at previously unseen speeds yet they don’t comply with one of the most essential aspects of the core philosophy of our open operating system. But Google’s own ex-baby, Motorola is doing this as well!
Motorola’s Lollipop builds came out nearly 3 months ago, and we have yet to see their sources get released. This is a huge problem, not because they are a couple days or weeks late – they have been late for the entirety of the time their builds have been out. Sources must be provided in some way or form alongside the distribution of the software release, which means that they have infringed on the terms for quite a while now yet no apparent action is being taken. Many developers attempted requesting their code, but have been handed silence in return. So going back to the fact that they have the sources ready for uploading in their servers (again, causality is a thing), why haven’t they distributed it yet?
This particular question makes me personally uneasy, given that it is not Google’s Motorola we are speaking of here. In fact, this most likely would have been an impossible event if the company was still under Google’s control. Lenovo had purchased Motorola a while back, and while they promised to stay in line with their previous strategy of fast Android updates (which they did, excluding the 2013 variants of the Moto G and Moto X) they seem to have forgotten about the bit where they must include the sources alongside their new versions. Why would Lenovo do this, exactly? Motorla was asked about their Titan kernel sources (not for Lollipop) on October 3, 2014, and it took them 11 days to reply the following:
tags07 commented Working on it. Should be up later this week or early next week. Also working on posting sources for the Moto X 2nd Gen
To me, this shows utter disregard for the GPLv2 terms. They were called out 3 weeks after the fact, and then took almost another 2 to simply inform people that it could be another week before the kernels are seen… This doesn’t seem like Google’s Motorola anymore, does it? If you look at the linked github thread, you’ll see plenty of complaints from others as well, insisting on getting their rightfully deserved kernel sources. And I’ll say this one more time: We see no real reason for such delays. Some companies like Cyanogen even have their official source releases available before their OTAs are out, and these are being uploaded to an open github and public repositories. What on Earth could make them take that long? They also comment saying that they have to “coordinate” the release among many SKUs on many different carriers all over the world… but even if that would excuse such long delays, it would still be blatant disregard for their developer community and a sign of unprofessional attitudes towards this whole affair – they are entirely aware of GPL terms, and they are aware it is covered under copyright law. They have every excuse to work their release around those constraints, like many other OEMs of both bigger and smaller sizes can and do.
But what’s perhaps most worrying about this is that, like previously stated, kernels are not just an integral part of the Android OS (and consequentially, our developer community) but pose a paramount aspect of security as well. And not many seem to remember that at one point Lenovo was under fire over possible security and spying allegations that prompted the U.S.-China Economic Security Review Commission (USCC) to probe them to prevent bugging. While these accusations were laid out over computers purchased for internal government use in the United States, it does pose the question: can we trust OEMs? As a quick note, keep in mind that while Lenovo is a public-trade company, it is mostly controlled by Legend Holdings which is in turned mostly owned by the Chinese Academy of Sciences – a national entity of the Republic of China. So while there’s no evidence thus far to believe a kernel release being held back can have serious security implications, people have a right to be skeptical about the nature of such stalling given that Lenovo is partially shrouded by controversy and loosely tied to a country that has an Intelligence service as notorious for spying as the NSA in the United States. And the latest flap about Lenovo doesn’t help matters.
Essence of Android
The main problem we face at XDA from this is that being withdrawn from such essential parts of the Operating System means we can’t do what we do best. But regardless of our community’s goals and future, these practices are simply not right from a moral nor legal standpoint. Our Developer Admin and Senior Recognized Developer pulser_g2 has been known to extensively comment on these issues and spread awareness within our community. On the importance of this matter, he notes:
“In terms of morality, when someone gives you something freely, and asks nothing of you in return other than to share your changes, that’s pretty reasonable. It’s the right thing to do. They would spend many hundreds of thousands, if not millions of dollars, if they didn’t have the Linux kernel to use. They’d have to base off BSD, or something else, or perhaps even write their own, if there was no such thing as “open source”. Or they’d buy something hugely expensive and pay large license fees for it.
The GPL means they have access to world-leading stuff, used in most of the world’s servers, and all for no fee. Companies should be more willing to recognise this, and accept that they are building on top of the foundations of the community, and that their work is trivial in comparison.”
And he is right, just like everyone at XDA that fights for these causes, and just like individuals like Matthew Garrett. It’s been proven time and again that it is not super easy for smaller groups (legal holders) to take these matters into court and when they do arrive, it could develop into a “he said, she said” type of debate that could drag on and further dry up the resources of the accusers. Public license enforcement is a live issue in the law, and there are different stances depending on the parties involved in the legal process. They can be considered copyright actions that a holder can enforce or contracts applicable by beneficiaries. But regardless of who can take action, we are not seeing anyone stand up for the rights of everyone wanting to access these sources, and these companies can carry on their shady businesses unharmed.
So what can we do? While a class action lawsuit could be in the cards, seeing that happen wouldn’t solve the immediate problem we have. But there’s always voting with your wallet, I suppose. In the end, this is an issue to be tackled between the copyright holders and the OEMs, and despite all of us being wronged through the denial of our “inheritance” of GPL-licensed software upon the distribution of the software, there’s little action we can take against this problem other than spread awareness. Us power-users at XDA are, in a way, trendsetters. Our developers also push Android forward with their innovative ideas and contributions, and this ultimately gives us some sort of authority over the course of the mobile industry. XDA has been known to impact the history of certain manufacturers, and every user here can indirectly contribute to the cause through awareness, recommendation and supporting the ones that deserve so.
The philosophy behind XDA is that of openness, of contribution and cooperative development. Open source code grants the possibility for no project to go without peer revision or feedback, and it also allows abandoned projects to carry on in whatever shape or form its code contributions persist in. Most importantly, it is free access to life-improving utilities and knowledge, because there is a lot to learn from open source code. Some might think that it is really not as philosophical as me or other advocates make it sound, but the underlying repercussions that the opening of these sources have benefit all of us: those wanting to improve their programming skills, those wanting to learn how to code in the first place, those wanting to push technology forward and those wanting to take advantage from it to better their lives. Innumerable contributions on this site – mods, tweaks, ROMs and kernels – wouldn’t be possible without the open source nature of Android, so it is a rightful thing to defend.
It is the essence of our hobby, after all.