Comment by stebalien
15 days ago
I still haven't seen anyone discuss the issues with distributing applications containing GPLv3 components under these new rules given the clause (from the GPLv3):
> “Installation Information” for a User Product means any methods, procedures, authorization keys, or other information required to install and execute modified versions of a covered work in that User Product from a modified version of its Corresponding Source. The information must suffice to ensure that the continued functioning of the modified object code is in no case prevented or interfered with solely because modification has been made.
At the moment, the workaround here is that keys can technically just be generated on the fly (with some caveats). With Google's new requirements, that's not possible.
Whilst details matter in law I assume this will be equivalent to Apple's terms and the FSF believes they are incompatible https://www.fsf.org/blogs/licensing/more-about-the-app-store....
In my interpretation, this clause is for when someone ships a user product that contains GPLv3 software. That means it would apply to the phone vendor if the phone contained GPLv3 (or anything using LGPLv3) software.
But if you're just a developer who ship software GPLv3 software for Android, you are good because any developer that want to modify your software on their phone can, as long as they register to Google to get these keys. It should therefore be respecting the licenses.
But that's just my interpretation.
Sure, but that means that either Google or the application author would be required to give me working keys with no restrictions, which would make the entire system rather pointless.
However, now that I think about it, the fact that "unauthorized" apps can still be installed via ADB exception may cover this?
> as long as they register to Google to get these keys
As soon as e.g. an Iranian user gets access to your GPLv3 app, you've got a problem. They cannot register with Google (due to sanctions), but you are responsible for ensuring they can install and distribute their modified app just as you have.
They aren't responsible for ensuring that others can install it.
That part of GPLv3, commonly called the "anti-Tivoization" clause, only applies if you "convey an object code work under this section in, or with, or specifically for use in, a User Product, and the conveying occurs as part of a transaction in which the right of possession and use of the User Product is transferred to the recipient in perpetuity or for a fixed term (regardless of how the transaction is characterized)".
This was narrowly written to only cover situations like Tivo, which was a hardware vendor locking down GPL code on the hardware they sold.
> any developer that want to modify your software on their phone can, as long as they register to Google to get these keys
Pretty sure the GPLv3 requires you not have any such barrier.
I couldn't find such requirements when reading the GPL.
The paragraph cited by GP is from the explicitly about "convey an object code work under this section in, or with, or specifically for use in, a User Product, and the conveying occurs as part of a transaction in which the right of possession and use of the User Product is transferred to the recipient in perpetuity or for a fixed term". So in other words, only if you sell hardware with binaries under GPL.
Also, from reading other comments, it seems it would still be possible to use the adb console to load apps without having signatures? So that should cover it as far as the GPL is concerned.
2 replies →
I do think that this very much puts Google in the same boat as Apple in terms of how the GPL is deemed compatible or not for distribution to their platforms and proprietary stores.
Personally, I think that the GPL is still compatible with both platforms, as I've written about before[1]. There's plenty of GPL software on both the Play Store and App Store (Signal, Element, Wordpress, SimpleNote, Bitwarden, Mastodon, Telegram, and Proton Mail, just to name a few), but people tend to feel that iOS is a more hostile environment. The mandatory developer registration requirement may bring a more even-handed assessment of how the GPL and these app stores can live together.
[1] https://appfair.org/blog/gpl-and-the-app-stores