Legal advice: avoiding the Google EULA?

Well, “legal advice” is a bit too strong. I don’t plan on doing anything that breaks the EULA, but out of principle I’m trying to set up an android toolchain without agreeing to it and just want some feedback to see if people think I’m on the right track - or just driving myself insane for no reason… Essentially, I just got some questions:

  • First of all, I know I can download prebuilt archives without accepting the EULA, by either knowing the URLs (dl.google.com/android/repository/[...].zip) or from another source (I found out tencent mirrors them publicly). But is that enough from a legal perspective? Or am I just indirectly agreeing to it by downloading them anyway?
  • Similarly if I download other prebuilt android tools, like R8/D8? (the D8 readme explicitly states the https://storage.googleapis.com/r8-releases/raw/[version]/r8lib.jar URL, and I see no EULA anywhere just the good license of R8/D8).
  • BUT: I looked into some of these archives (some NDKs, some SDK platforms) and did not find any EULA text included inside them. So once again, if I download it without agreeing, and use them without there being a EULA, can I (or someone using my build system) still be held by these terms?
  • So far I have assumed the above is unclear and have saved it as a last resort. Instead I’ve been trying to rebuild the NDK and the parts I need of the SDK (really only need the “android.jar” and “D8”) following the instructions by Beuc’s Android Rebuilds project (RIP) and some others. I’ve managed to build the NDK without problems. And the SDK also seems feasible, but more tricky to get right.
  • I did however discover when setting up sources for both NDK and SDK (using “repo”): it also pulls down a large number of precompiled binaries! In the case of the NDK, these “prebuilts” are actually used to construct the NDK without even recompiling sources (I know this is also how Beuc’s build approach worked), and similarly the SDK clones a repo with an already built SDK, with a ready to use “android.jar”.
  • I also discovered something very worrying: the “prebuilt” SDK files (used to build the SDK) does includes a “NOTICE” file containing the EULA I was trying to avoid! Does this mean I am actually subject to the EULA simply by recompiling the SDK?
  • This also seems to be the case when I followed Beuc’s instructions and set up a repo from the same “android-11.0.0_r27” branch in his instructions. Does this mean Beuc’s rebuilds, despite the best intentions, turned out to be plagued by the EULA as well?
  • However, the NDK does not contain the EULA anywhere I can see (I’ve looked in an official archive, in the sources, and in the specific git repo containing a prebuilt version toolchain/prebuilts/ndk/r25 - Git at Google)
  • But again, the git repo containing the prebuilt SDK required to build the SDK (platform/prebuilts/sdk - Git at Google) does contain this NOTICE file with the EULA.
  • Ultimately, should I just give up and download the prebuilt archives (from a server without accepting the EULA), observe that they don’t contain the EULA text in them, and just pretend everything is fine and move on from this mess? I have spent so much time on this only to find out rebuilding the SDK might still not solve anything. :frowning_face:

Oh, and worth mentioning: I am not using gradle or similar, but my own build system (it’s just a set of Makefiles, yes I will release this publicly under GPL as part of a larger project when it’s more polished). So there is nothing further forcing me to agree to the EULA beyond obtaining and using the needed NDK and SDK files.

I’m very grateful for any thoughts and feedback!

The important TLDR: it was believed that a SDK built from source would avoid the EULA. But it appears Google has been including the EULA in the sources as well for quite some time.

Maybe I should have made the topic specifically about this instead? I think I wrote too much above, sorry about that. And sorry for double posting, I wanted to make the issue more clear. Also, I get that this is a boring/sad topic to discuss, but it’s very central to the nature of software freedom. And also what sparked Beuc’s Android Rebuilds project in the first place. Maybe this is why he abandoned it?

Thanks for your reply, @ferry2323! For some reason I can’t see it here on the forum, but I saw it in an email notification. I think you are really spot on and it’s exactly my concern. I also appreciate your advice to seek legal advice. In my case I don’t think there is anything EULA-breaking in my work, I just wanted to avoid agreeing to it, much it in the same spirit of @Beuc when he started the Rebuilds project.

It seems the Replicant project is also actively working on this (SDK - Replicant) and there is a more up-to-date approach for SDK rebuilds (Starfish/SDK-Rebuilds - Codeberg.org). I think I will have to get in contact with them and discuss this discovery. I just hope there is a good way around this mess.