App stores and openness

by Rowan Wilson on 4 January 2011 , last updated 11 January 2013

Introduction

As mobile devices become more complex and more popular, educational institutions are under increasing pressure to create software and mobile web content that helps their students and staff get the information and functionality they need, on the move. At OSS Watch, we have seen more and more requests for information on developing open source software solutions for mobile platforms. This document explains some of the general context and issues around mobile open source development, and in doing so discusses some more general trends in how software is distributed.

Mobile marches on

‘Smartphones’ and personal digital assistants have been around in one form or another for many years. For most of that time, however, they have been the exclusive preserve of technology hobbyists, IT professionals and business executives. This has partly been because the technology has been relatively expensive, but also because their appeal has been limited by their perceived complexity of operation. For a long time, mainstream acceptance was also hampered by the relatively small additional benefit that an average user would realise over a more limited mobile phone or even a filofax.

In recent years, however, the ballooning popularity of the web and, in particular, social web applications like Facebook and Twitter, has massively increased the general public’s appetite for mobile internet connectivity and applications. Developments in interface design and simplification have also helped smartphones – and more recently tablet-based computers – break into the mainstream. Phone operating systems like Google’s Android and Apple’s iOS have made consumers expect simple compelling interfaces to useful functionality and data.

Over the same period, educational establishments have been working hard to make their data and systems accessible over the web for the convenience of their staff and students. It makes sense for these establishments to extend this effort to accommodate the growing number of users who are coming to them via mobile computing devices, but there are, unfortunately, some complications.

The rise of the app store

Part of the drive to make smartphones and tablets easier to use was a unification of the means of distributing applications. When the iPhone launched in early 2007, its manufacturer, Apple, initially rejected the idea that third-party software developers would be allowed to run their own software on the phone. No software development kit was distributed, and instead developers who wanted to get their functionality onto the device were told to embody it in a web application – essentially a website with active elements implemented in Javascript that would be viewed via the phone’s built-in web browser.

Within 18 months of the phone’s launch, Apple had revised its strategy, released a software development kit to third-party developers and launched a unified distribution centre for all applications on their platform: the so-called ‘App Store’. With a small exception (a separate scheme for businesses that wished to distribute their own private applications to a private group of handsets), the App Store was the only way third-party developers could get their software onto the iPhone.

This concept has been extremely successful for Apple, with over 500,000 applications available after just over two years. It features very heavily in Apple’s advertising, and is now being replicated by other device manufacturers hopeful that they can match its success. In fact, the model itself was not really novel: smartphone software portals like Handango had been fulfilling a similar function for many years, while the unified software repositories run for Linux distributions like Debian and Maemo (now Tizen) had many of the characteristics of Apple’s App Store. What these forerunners did not have, however, was the element of compulsion. They were convenient sources of software, but a user could always seek their software elsewhere, or indeed create and install it themselves without consulting any external authority. By being essentially the only way to get third-party software onto your iPhone, the App Store ensured that it would gain a large body of software and a large amount of user attention.

Mediated and curated

This approach has not only worked well for Apple, but has also served its users well in some ways. While earlier smartphone users would have to comb the web for software that ran on their devices – and take some risks as to its security and functionality – Apple’s curated software service makes the process easier and less risky. However, for proponents of free and open source software, this gathering of the means of distribution into the hands of a single entity is troubling, and poses a genuine threat to the ideal of a free, unmediated sharing of software between users.

In order to enforce the controls that define this model, Apple compels both developers and end users to enter into contractual arrangements with them if they wish to make use of the App Store. These contracts place responsibilities on the developers and users to not do things that break the model. For example, users cannot redistribute the software they receive – whether it costs money or not – and developers must use the App Store as their only point of distribution.

Later attempts to use this model, like Google’s Android Market and RIM’s Blackberry App World, have fought shy of making themselves a contractually mandated single point of distribution. But in the wake of the phenomenal success of the App Store it is arguable that they had little need to do so. After all, mobile developers and users had already recognised that the model for software distribution was changing, and that a crucial component of a ‘smart’ mobile device’s value proposition is now the variety and availability of applications to run on it. So even though unmediated distribution of third-party software is possible on platforms such as Android and Blackberry OS, developers are still strongly motivated to use the most popular mediated channels for distribution if they want the attention of the majority of users. For the purposes of the rest of this document, all variants of the App Store concept will be referred to as ‘app stores’.

Open source and the app store

There are in fact many instances of open source software on the various app stores. In order to explain the issues that come into play we need to make a distinction here between code that is entirely the work of a single developer and code that contains free or open source software written by others. In the former case, there should generally be no licensing problem with the code appearing both via an app store and separately as open source. Free and open source licences are non-exclusive, so as long as the app store terms are also non-exclusive, a developer can agree to an app store’s terms and conditions and, at the same time, make their code available via another channel (such as the web) as open source. Of course, if the only way to get actual executable code to run on your device is to have it signed by the device manufacturer – as is the case with Apple’s iOS devices – then your open source distribution is still going to be somewhat hampered in its reusability; other developers who want to make changes and use the modified code on the device for which it was intended will also have to agree to the app store’s terms and conditions in order to actually distribute their modified versions. It is this reuse of others’ open source code that is more problematic.

In this second case, developers wanting to include free and open source code belonging to others (a core activity in the open source model) must undertake the difficult task of making sure that the responsibilities they take on in the app store’s contract are entirely compatible with the free or open source licence under which the third-party open source code they want to use is made available. Seasoned open source developers quail at the prospect of auditing code collections for open source licence compatibility, but at least in that case the licences are long standing and well known, and their interactions are well publicised.

Determining if an app store’s agreement – which will generally be a lot longer and is also likely to change on a regular basis – is compatible with your third-party open source licence is an even less attractive proposition. There have been cases in which open source developers have objected to their work being distributed via an app store – for example, the Free Software Foundation had a iOS port of their free software game GNU Go removed, as they felt that the Apple App Store’s terms and conditions were incompatible with their own choice to make the code available under the GPL v3. More recently, a developer who has contributed to the GPL v2-licensed media player VLC has objected to its appearance on the App Store, and an argument has ensued between the developer and the VLC project’s management, who differ on whether the App Store’s terms and the GPL v2 are compatible. VLC’s core library has since been relicenced under LGPL which may allow mobile apps under App Store compatible licences to be written. However, while an open source software licence tends to not change, App Store terms and conditions are constantly being revised, so relicencing you code to fit within them represents something of a moving target.

Code that is available under the more permissive open source licences, such as BSD and Apache, is likely to be less problematic. Developers should still read app store developer agreements carefully to check for compatibility. Developers within educational institutions will also need to look into how they can enter into the kind of agreements necessary for app store distribution. If they agree to the contract personally, it is unlikely that their role as an employed developer will be covered, so an institutional representative will need to be found who can agree to contractual terms on behalf of the institution. Developers who are independent contractors are likely to be able to agree to the terms personally, although they should still discuss this with their institution to ensure that it gives them the level of control that they want over the application and its distribution.

The future

With the launch of the iPad, the app store model moved out of the mobile phone sphere and took a definite step towards the so-called ‘general computing’ arena. Apple have now also launched an app store for their Macintosh general computing platform. Microsoft have announced a similar initiative to complement their mobile-desktop fusion Windows 8. The concerns that many in the open source world have over these mediated channels of distribution only intensify with each new initiative. So is the app store model a real threat to openness?

Similar situations have arisen in the past. In 2006, the TPM (Trusted Platform Module) was announced as a component that would sit on your PC’s motherboard and check the provenance of your software via cryptographic code-signing. Using this technology, a new class of ‘security audited’ software could be identified by your computer and by remote network services and perhaps granted additional security privileges over code whose provenance could not be checked.

The intention behind this scheme was to combat viruses and unauthorised modifications to network client software, but an additional and perhaps unintended consequence of the plan was that the ecosystem of free and open source software would be considerably hampered. It would have to exist in the ‘untrusted’ category unless means to audit and sign the code could be found. Even if this could be achieved, modified versions of the code would need to feed back through the same auditing process if they wanted to enjoy enhanced security privileges. In the event, the idea did not catch on and in 2010 an exploit was found for the implementation of the technology, rendering it near useless. More recently ‘Secure Boot’ technology, which also prevents a computer from running unsigned code, is gaining momentum. For a device to receive Windows 8 certification it must implement the technology, although for devices using traditional x86-based processors it can be turned off.

However, what TPM failed to do in 2006, app stores are successfully doing today. Perhaps because they offer real advantages in terms of software discoverability and access, they are increasingly becoming a necessary step in the software distribution chain. This will undoubtedly affect free and open source software. If software developers want to use free and open source software written by others in their app-store distributed programs, they must navigate the potential incompatibilities between app store terms and those attached to the code they wish to reuse. If they ignore the app store, they will lose access entirely to certain computing platforms and relegate themselves to the unpublicised hinterland of others.

It is not all bad news, however. As mentioned above, the web browser offers another route to publication of functionality on a range of devices. While it is true that – at the moment – access to advanced device functions like location data, camera and microphone from web applications is limited and varies from device to device, various initiatives to rectify this situation are underway. The WAC project, for example, has been working on standardised methods of access to more advanced device features. More recently, the EU-funded Webinos project has set out to create a unified application platform across devices based on web standards. So-called ‘widgets’ – essentially mini-applications bundled for distribution and execution via a web browser – may provide a way for applications to reach across all platforms without hardware-manufacturer mediation. With the introduction of browser-based operating systems such as Firefox OS and Chrome OS, we’ve seen web technologies given a front seat on devices, and distributed through their respective app stores.

Certainly these are interesting times for software creation and distribution. In the last two decades, the free and open source movement has worked to flatten and democratise the software distribution model, and in the last two years the power of the app store has risen to challenge that process. The future will be determined by how we choose to write, receive and run our software.

OSS Watch has organized a workshop on open source cross-platform mobile apps, where delegates from industry and academia discussed issues relevant to open source development in mobile technologies and opportunities for cross-sector collaboration in this space.

OSS Watch provides unbiased advice and guidance on the use, development, and licensing of free software, open source software, and open source hardware.