By Nathan Willis on April 15, 2008 (7:00:00 PM)
Apple's recently released a software development kit (SDK) for the iPhone, but if you were hoping to port or develop original open source software with it, the news isn't good. Code signing and nondisclosure conditions make free software a no-go.
The SDK itself is a free download, with which you can write programs and run them on a software simulator. But in order to actually release software you've written, you must enroll in the iPhone Developer Program -- a step separate from downloading the SDK, and one that requires Apple's approval.
Since its release, many in the free software and open source community have debated whether the terms of the iPhone Developer Program are compatible with common licenses such as the GPL. In a search for a definitive answer, we asked the principal parties themselves. Apple did not reply to our inquiries, but Free Software Foundation (FSF) Licensing Compliance Officer Brett Smith was happy to discuss the licensing issues in depth.
First, let's look at the SDK and the developer program that accompanies it.
To download the SDK, you must first sign up for a free Apple ID -- an existing Apple Developer Connection, .Mac, or iTunes Store account will do -- and use it to register with Apple as an iPhone Developer. The SDK by itself won't let you create applications that run on actual iPhone devices, though. To do that, you must enroll in Apple's iPhone Developer Program, for a fee starting at $99.
For the time being, Apple is not accepting all applicants. Currently only US residents age 18 and up are eligible, and Apple is selecting a limited number of applicants. Who gets approved and speculation as to why are popular discussion topics on Apple-centric Web sites.
If your application is approved, a document called the Registered iPhone Developer Agreement lays out the terms and conditions under which you can create iPhone apps. It is those conditions that conflict with free software licenses like the GPL.
Problem: code signing
The iPhone Developer Program establishes Apple as the sole provider of iPhone applications. You can choose not to charge for an app you author, but the iTunes Store is the only channel through which it can be delivered to end users and installed. Apple signs the apps it approves with a cryptographic key. Unsigned apps won't run on the iPhone.
This condition conflicts with section 6 of the GPLv3, the so-called "anti-TiVoization" provision. In particular, it prohibits Apple from distributing a GPLv3-licensed iPhone application without supplying the signing keys necessary to make modified versions of the application run, too.
Thus, you as the developer could attempt to place your code under the GPLv3, but Apple could not distribute it -- and since only Apple-signed programs will run, no one else could distribute it either.
The FSF's Smith says the fact that the author of the program (i.e., you) and the distributor of the binary (i.e., Apple) are unrelated entities makes no difference. "If a program is meant to be installed on a particular User Product, GPLv3 imposes the same requirements about providing Installation Information whether the software is directly installed on the device or conveyed separately."
Because of the GPL's viral nature, any app that is derived from other GPLv3 code must be licensed in a way that preserves GPLv3's code signing requirement. But there are still projects that have chosen to retain earlier licenses, such as GPLv2, and prior versions of the GPL did not include the code signing requirement. Thus you could in theory place your work under GPLv2, as long as it was either entirely original or derived only from code licensed under GPLv2 and earlier. But the result still would not qualify as free software, since no one could alter your source code and run the modified result on their phone.
As Smith explains, "partially free" software is still non-free. "The Free Software Definition is not a checklist, where software that fulfills three of the criteria is somehow 'better' than software that only meets two. The Free Software Definition lists the bare minimum rights you need to make sure that the software works for you, instead of somebody else. If you've been deprived of any single one of those rights, whether by a license, a patent, code signing, or any other means, then you've lost your freedom. You no longer control the computer; it controls you. Getting some source is a small consolation prize for losing your own autonomy."
But the aforementioned situation is only an option if Apple would allow you to release the source....
Problem: nondisclosure
Unrelated to the code signing complication is another issue that restricts your choice of licenses. The Registered iPhone Developer Agreement is a contract between the developer (you) and Apple. If you violate any of the terms and conditions of the agreement, you lose your right to use the coding utilities in the SDK and all of its information and documentation.
Section 3 of the document is a nondisclosure agreement (NDA). It defines "all information disclosed by Apple to you that relates to Apple's products, designs, business plans, business opportunities, finances, research, development, know-how, personnel, or third-party confidential information" as "Confidential Information" -- excluding specific information that is available elsewhere. You must agree not to "disclose, publish, or disseminate" any of the aforementioned Confidential Information, and not to use it "in any way, including, without limitation, for your own or any third party's benefit without the prior written approval of an authorized representative of Apple in each instance."
Those broad restrictions may be standard issue for an NDA, but they constitute a binding agreement that trumps your usual right to place a license of your choosing on your source code. As Smith puts it, "If you agree to an NDA that prohibits you from sharing your program's source, then you cannot release that program under the GPL, or incorporate any GPL-covered code in it."
Publicly releasing source code that uses the iPhone APIs as documented in the SDK and Developer Program could easily fall under the definition of "disclosing," "publishing," or "disseminating" Confidential Information, as none of the iPhone APIs are documented elsewhere. A clearer word from Apple regarding what exactly constitutes "disclosing," "publishing," and "disseminating" would be helpful, but until the company makes such a clarification, the conservative interpretation is the safest.
You could ask Apple for permission to publish your source code, but in the absence of such permission, violating the agreement terminates your right to use the SDK and to publish your software, regardless of the license you choose.
Finally, the fact that currently only US residents age 18 and older can even sign up for the iPhone Developer Program disqualifies many free software developers right out of the gate. The US-only restriction will likely be lifted, just as the devices themselves have been rolled out country by country. But the Registered iPhone Developer Agreement is intended to serve as a binding contract, so the age restriction is certainly here to stay.
There are other restrictions on what iPhone applications are allowed to do, which some might consider barriers to free software. The limitations already discussed affect all apps, regardless of function.
Freedom!
Of course, the code signing and NDA hang-ups apply only to developers who sign up for the program. Reverse-engineer the iPhone and you can code to your heart's content. So long as you do not expose yourself to the official SDK, you can license your work however you want.
All of the third-party iPhone apps available up until now are the result of jailbreaking the devices, a pastime at least partly responsible for Apple's decision to create an iPhone SDK in the first place.
To its credit, the Apple development community seems to recognize the limitations of the iPhone SDK as they apply even to non-free software, and is writing about them.
As the iPhone SDK Era begins, it is interesting to look back at what the FSF had to say about the launch of the device itself. The FSF launched GPLv3 on the same day that Apple launched the iPhone, and used the event to address the restrictions placed on iPhone owners.
Executive Director Peter Brown described the device as "crippled, because a device that isn't under the control of its owner works against the interests of its owner." The document goes on to cite DRM locks and "TiVoization" as the principal problems.
In the months since those words were written, the TiVoization problem might have sounded abstract, but the details of the iPhone SDK make it crystal clear -- you cannot write free software for the iPhone, even if you want to.
Tuesday, April 15, 2008
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment