Feeds

Google copyright purge leaves Android developers exposed

Could be forced to hand over source code

Choosing a cloud hosting partner with confidence

Google's attempt to purge copyright from header files has put mobile developers at risk of being forced to reveal their own source code, according to legal experts.

This time it's not patents or Android's reinterpretation of Java that's causing problems, but the Linux code that compiles down into Android itself.

Google publishes that code under the Apache licence, but derives it from Linux source protected by the General Public Licence version 2 (GPLv2) claiming to remove all copyrighted components before changing the licence. Only it seems that Google's idea of what constitutes copyrighted content isn't quite the same as that defined by US courts.

At issue are the header files in the Linux kernel - a list of APIs and macros that are used during compilation. These fall under the GPLv2 which states that any work derived from them must also be published under the GPLv2, but Google uses scripts to take out all the comments and extraneous odds and sods, then claims that this removes the copyright. That enables Google to publish the resulting code under the (less open) Apache licence as though it were an original work.

In his advice (pdf) Edward Naughton, of legal firm Brown Rudnick, highlights cases which have come before the US courts and established that copyright can exist on an API thanks to its innovative structure and design, which would seem to give the lie to Google's claims.

Even if Google is proved right things are not well as the search giant will have blazed a path that others could follow, potentially creating software of all sorts derived from open source projects but without being bound by open source rules.

Naughton's advice builds on work from Raymond Nimmer who first pointed out Google's innovative approach to copyright interpretation. The advice takes that further, as Naughton explains in his Huffington Post article on the subject, going on to analyse the Bionic package, 750 files that Google derived from Linux kernel header files published under the GPLv2.

The problem for developers is that the GPLv2 applies itself to any application that makes use of covered code, which could arguably apply to any native Android application as the kernel headers are so universally applied.

That could see developers forced to reveal their source code to all and sundry, and permit its reuse, which would certainly be a challenge for the Android community. That's a worst case scenario, but the breach in copyright could leave companies exposed to litigation, which is what Naughton is advising against. ®

Providing a secure and efficient Helpdesk

More from The Register

next story
Sea-Me-We 5 construction starts
New sub cable to go live 2016
EE coughs to BROKEN data usage metrics BLUNDER that short-changes customers
Carrier apologises for 'inflated' measurements cockup
Comcast: Help, help, FCC. Netflix and pals are EXTORTIONISTS
The others guys are being mean so therefore ... monopoly all good, yeah?
Surprise: if you work from home you need the Internet
Buffer-rage sends Aussies out to experience road rage
EE buys 58 Phones 4u stores for £2.5m after picking over carcass
Operator says it will safeguard 359 jobs, plans lick of paint
MOST iPhone strokers SPURN iOS 8: iOS 7 'un-updatening' in 5...4...
Guess they don't like our battery-draining update?
Internet Transit price falls slowing: Telegeography
Brazilians get waxed, Londoners get a steal
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.