For app developers: Including third party license information in an app

Wiki Tips & Tricks
1

I wanted to inform about my approach on how to include third party license information in my apps Compass and Metronome. Maybe this is helpfull for other app developers that write open source apps.

All apps depend on various open source libraries, at least some of the Android dependencies that are published under the Apache-License 2.0. So most of the times there should be a information section in the app that lists the included libraries and their license.

screenshot_light_licenses
screenshot_light_licenses1080×2340 126 KB

But it takes a lot of effort to aggregate all the license information manually and present them in the app. So we want to have an automated approach for this.

For this Google provides the OSS Licenses Gradle Plugin. It aggreates all the licenses at compile time so it can be processed later on in the app to display license information. They also have another library to display this information but this library itself is published under the closed source Android Software Development Kit License. So it is not fit in your open source apps. So we need another way to process the genrated data.

To come around this problem I wrote the OssLicensesParser library to parse the generated license information from their plugin. Then the parsed information can be used in the app to display the licenses in a way that suits the app, like in a preference section.

For more information checkout the Github page of OssLicensesParser.

2 Likes
2

Interesting project. See F-Droid ($1896503) · Snippets · GitLab for more alternative.

3

Thanks for sharing this snippet. I didn’t know it yet.

The AboutOss library includes a parser pretty similar to my implementation.

4

Interesting topic

it would be nice to have a Stand-alone tool that extracts the licence infos to a text or md file .

I tried the plugin with one of my android projects but found no generated lic info in the app\build** folder.

All i found was app\build\outputs\sdk-dependencies\release\sdkDependencies.txt
that contain the used libs but no license info

@Kr0oked : where can exactly can i find the generated license info?

Using

root/prj/build.gradle

dependencies {
    // gather licencse infos from dependencies.
    classpath 'com.google.android.gms:oss-licenses-plugin:0.10.1'
}

root/prj/app/build.gradle

dependencies {
    // gather licencse infos from dependencies.
    implementation 'com.google.android.gms:play-services-oss-licenses:16.0.0'
}

interesting side note: i got this lint warning after adding the dependecy:

Insecure TLS/SSL trust manager

...\com\google\android\gms\common\net\zza.class: checkClientTrusted is 
	empty, which could cause insecure network traffic due to trusting 
	arbitrary TLS/SSL certificates presented by peers

This check looks for X509TrustManager implementations whose 
	checkServerTrusted or checkClientTrusted methods do nothing 
	(thus trusting any certificate chain) which could result in 
	insecure network traffic caused by trusting arbitrary TLS/SSL 
	certificates presented by peers.
5

@k3b You can find the generated files in your build directory.

Bildschirmfoto vom 2024-03-28 18-29-30
Bildschirmfoto vom 2024-03-28 18-29-30549×634 36.6 KB

But note that you have not enabled the plugin that generates the files, you have to do something like this:

apply plugin: 'com.google.android.gms.oss-licenses-plugin'

The com.google.android.gms:play-services-oss-licenses dependency that you added in the app/build.gradle is the closed source library to display the license information.